Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562321
MD5: 02bb15adea48221f6c39e50f1c4d902c
SHA1: 7ca16530831f2388c7cf367e3e782533a764bf10
SHA256: af2552f7d0586a5c95bbbf16460571b82e18aa651a440fa94136b0258c640c14
Tags: exeuser-Bitsight
Infos:

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\service123.exe ReversingLabs: Detection: 45%
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 39%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_001015B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 14_2_001015B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9B14B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 14_2_6C9B14B0
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_c48ac3c6-f
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 14_2_001081E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6CA2AEC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6CA2AF70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6CA2AF70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 14_2_6C9D0860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 14_2_6C9DA9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 14_2_6C9DA9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 14_2_6C9DA970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6CA8F960h 14_2_6C9CEB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 14_2_6CA584A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6C9D4453
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 14_2_6C9DA580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 14_2_6C9DA5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 14_2_6C9DA5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 14_2_6C9DC510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 14_2_6C9DE6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 14_2_6C9DE6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 14_2_6CA50730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 14_2_6C9D0740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6CA2C040
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6CA2C1A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 14_2_6CA0A1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 14_2_6C9D0260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6CA8D014h] 14_2_6CA84360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6CA2BD10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 14_2_6CA27D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 14_2_6CA23840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 14_2_6C9DD974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 14_2_6C9EBBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 14_2_6C9EBBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 14_2_6CA09B60
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6CA2B4D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 14_2_6C9DD504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6CA8DFF4h 14_2_6CA23690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 14_2_6CA29600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 14_2_6C9DD674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 14_2_6C9DD7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6C9CB1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 14_2_6CA53140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 14_2_6C9DD2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 14_2_6CA47350
Source: chrome.exe Memory has grown: Private usage: 13MB later: 28MB

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49745 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49785 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49756 -> 34.116.198.130:80
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 464Content-Type: multipart/form-data; boundary=------------------------TbZ9Ktz61LNHHuKesRVDGzData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 54 62 5a 39 4b 74 7a 36 31 4c 4e 48 48 75 4b 65 73 52 56 44 47 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 42 69 74 75 79 75 67 75 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 26 25 14 dd d8 ce 5f 15 86 3e 7e 17 82 71 a9 28 56 f3 9b 3f 24 58 e5 a0 94 73 34 ae fd 24 00 f5 5b 28 85 bb 18 0f 7e 6a 6b aa 59 e5 b1 a7 62 7a a1 af c5 9f 60 ba 22 28 c9 95 a3 57 2a 7c 35 de 45 6f 76 ff 66 8d df 31 a8 21 b7 8e da c2 c9 85 3b 74 07 f4 05 aa 20 f9 42 1e bb 9b 7a 77 9a 7b db 16 25 c4 e9 0f c3 5f 57 71 45 b8 30 be c3 d5 46 37 99 5e a8 7d b9 ce 95 b0 5e 48 1c b9 ae e3 80 da b3 e4 6a 78 d8 29 a5 85 d3 66 89 42 4b 3c a5 32 44 98 74 3c c8 d0 1b 7e 84 aa 47 74 fd bf 17 a3 47 8c 10 fe c8 8d 6b 94 b6 4d ea 55 62 c0 1c 82 51 14 71 bc f9 5b 83 c0 cb 84 fd 40 3d 95 82 37 9f 6f 15 3d 43 2d 1f 72 1f 53 00 dc a9 65 75 07 4f 78 29 f8 91 8d 42 22 9b 83 38 1a 4b e0 2c 2e a2 f2 1a c4 f1 1f 13 de e2 35 2f 9c 93 77 ea 07 03 f0 08 46 a6 17 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 54 62 5a 39 4b 74 7a 36 31 4c 4e 48 48 75 4b 65 73 52 56 44 47 7a 2d 2d 0d 0a Data Ascii: --------------------------TbZ9Ktz61LNHHuKesRVDGzContent-Disposition: form-data; name="file"; filename="Bituyugu.bin"Content-Type: application/octet-stream&%_>~q(V?$Xs4$[(~jkYbz`"(W*|5Eovf1!;t Bzw{%_WqE0F7^}^Hjx)fBK<2Dt<~GtGkMUbQq[@=7o=C-rSeuOx)B"8K,.5/wF--------------------------TbZ9Ktz61LNHHuKesRVDGz--
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 89496Content-Type: multipart/form-data; boundary=------------------------79tmElW8AG0WfavOWgaz8ZData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 39 74 6d 45 6c 57 38 41 47 30 57 66 61 76 4f 57 67 61 7a 38 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 52 65 66 65 62 61 6e 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 9e 80 eb 96 71 a7 7c 93 05 81 7c 1c b7 b8 69 42 d2 ea c8 66 8a 47 ab 9a c3 9b 2d 4c 8b ce bf 0e ba b5 fa 7d 93 bf c5 dc e1 f0 00 ac 8a 20 02 6c da f2 c7 c8 ba 78 6f b5 59 eb d1 22 7e 92 3a ec 62 7a f2 a7 de 3a f2 cb 79 58 f4 8a cc 95 cb 96 c8 ff 4a 62 d8 a8 3e 2a 5e 33 e7 2b 0d da 42 0a b2 0d 11 94 c6 6d 06 4a 29 e3 96 2b 8f b7 dc f8 d0 e1 87 c6 a3 d9 d2 e0 cf 6e 0a 96 c7 f7 ce b0 f3 a5 e7 98 0b e0 1c 3f 9f 89 ff 7a 96 91 68 a9 d7 f4 97 8b 76 cf 6d f3 bc 15 f8 18 b3 a2 80 c7 c0 1b 35 a7 8b 2c 4e a7 97 24 b6 52 55 12 5e f5 a5 89 1a d0 3f e5 6d b9 c2 83 9a a3 bb 31 16 cd 94 46 ed 37 68 77 a7 b1 a7 10 11 78 08 e1 10 20 a5 f2 db 81 48 ab c8 95 fc ad 36 3d 38 f2 7d b8 4c ad bf d1 f5 7c 78 2d 95 64 a4 39 e1 18 19 89 fb b1 59 1d 31 32 f6 05 4c 10 dd 23 ec 7c be a8 25 d2 4a 27 4d 6c d0 f4 56 02 74 f3 bc f3 d2 4e 24 65 9d 77 df f6 42 bf 34 3a a9 77 4b 44 60 9d 2f 2d b5 c5 f8 71 78 c1 4e c4 b3 1e 28 62 8e fb 8e f7 cc c8 80 bf bb 6d 5d ad d3 f4 11 e8 92 93 7f c8 04 78 0d 7f ca 67 7a 36 b5 53 c0 f9 69 33 77 1e 19 18 e8 21 ce 41 b2 86 ac 8e 3c 91 f9 b9 51 21 6a e6 8e 5a a2 6e 75 d6 f5 b5 a3 3a f5 f8 74 1f 77 c1 53 9f c8 ca 48 51 df a7 7b 26 a5 f9 dc 59 b3 e1 95 ae 36 ea 63 a5 7b ab fa aa d8 d4 1a 2a fb a9 2a 42 6a ad 15 e3 a7 ab 37 37 bd 71 8f 79 21 f9 02 d3 e5 0e 84 1d 34 79 62 9b 73 e3 f4 40 3a 94 94 00 12 6d 86 ac 7d 2b 71 ee 74 7a 99 a0 98 19 98 d2 dd ee f3 a7 b0 5b 51 a3 09 b1 d5 9b 97 43 84 bc c3 e6 fb a9 ec cc 9b ef 2e e9 1c 6e f9 e7 ef 62 85 c2 22 a8 48 5c bd 2b 4b bd 17 9d d3 2f 8a f7 4c bc 7b 8b 4a 93 72 57 00 70 b0 e8 d8 59 c9 c5 ed d2 fe 25 e4 1f bc 9d cb 4d 6d a4 71 8a d5 a6 4b f4 d2 bb d3 7f 96 55 f4 29 65 74 75 cd d0 e9 a3 f8 2e 92 43 01 56 db 64 c1 0e 41 b2 38 86 c1 7e f3 67 27 f4 e0 09 67 2a 03 04 6b e7 eb 82 0f 99 56 fd 20 2a 28 f7 da f8 59 13 2b 39 28 49 84 4f 0d ab ac 67 a3 23 f2 22 e8 65 57 64 60 3b 01 d0 ac 9f ad fd a2 8b cd 4d 8c c3 59 61 d5 67 46 17 d1 83 f6 b2 e6 06 0e a5 27 f7 93 30 fd 26 1f e0 dc 10 ac 2b 34 17 de 4b 55 ac e4 54 31 6d 14 30 71 a4 73 be 6d c8 04 6d d9 70 ab d7 40 2c 97 12 b6 fb 1c 67 2b bc 1f 5e ff ac 6d e6 fb b8 a7 31 f4 60 bb c2 6a 26 5e ff cd 1a 0f db e6 05 72 0d 82 58 d4 66 83 40 ab 67 a0 20 be 82 22 81 55 1f 7a 5a 61 08 a4 c4 df 0e 6f e0 d4 44 c5 9a e5 38 86 93 19 46 2e 49 99 bf 61 58 56 c4 4f a0 e2 ab 71 db ff f5 61 44 25 c0 06 5e ea a7 e2 3e 44 cd
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 34782Content-Type: multipart/form-data; boundary=------------------------kD3ZhvoWiVdNlTvZrQT0mSData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6b 44 33 5a 68 76 6f 57 69 56 64 4e 6c 54 76 5a 72 51 54 30 6d 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 54 75 6d 65 6b 69 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a b8 48 41 16 49 08 7a 1a a2 0c 9e 42 ce 17 7e 11 13 1c ea c8 4a 77 a0 6c 03 63 16 4f 17 2a b4 34 e1 38 2d eb 9e cf 5f 7e 92 5e 06 ff 7e 8c a0 ca 8d ab f9 88 f8 19 e2 62 31 93 e9 32 9d 77 eb 03 9d 8a b2 69 f7 40 3e 9c 93 ce fd 95 f4 84 1f 73 73 7a 1d 46 9b 42 c5 72 43 ab 78 6e d0 a2 9c a6 1f 17 0f 8a 69 a2 c5 7e 24 bf ef be e0 05 0d d3 f6 7c d9 ed 4e 9d 78 4d f3 1d 4f d7 ab 9c 60 56 35 51 9f d4 3c d7 44 79 d6 26 7d 5a 77 55 51 73 80 ed df 01 c8 76 cd 99 72 8b 72 23 9c 9b ca 0e 92 fd 37 81 ac 1b 7e 0a d7 9f 0d fd b4 5c 73 5e 62 a3 5f ca 98 06 07 31 f6 b7 34 20 20 dc 78 4d e7 24 81 88 87 ae 5a 0c d1 2e 67 7e 84 4e 40 01 6e bf df c7 c3 3d f0 2a 21 3c 2b 09 e1 f0 b8 a0 a2 48 cf 64 39 53 9d e1 12 50 91 49 d5 96 66 f2 94 c4 de ee 97 b3 f1 07 20 81 87 34 25 98 79 9e 89 72 4b e5 10 71 18 d5 03 45 40 15 a3 c8 f8 fa 1f 71 db c6 ff c7 85 71 17 a0 a6 28 6c f7 94 34 f3 98 36 98 99 54 3d 0f af 83 f7 a6 dc 3e 5c 41 f8 27 be f3 c2 29 f8 72 b9 af 17 29 39 d4 ce e2 ef 11 35 b0 2b 4f 7b dc c2 04 d4 d5 17 ac 77 db b7 9d dd e1 92 60 46 22 1d 07 45 a8 ef a1 25 03 9f 42 b5 b3 bd 8c 53 fd dd 2a 2c dc ea 3e a4 02 41 35 14 df d7 81 c8 5b d8 97 c9 b2 36 80 a0 cc 7a 65 c1 c4 87 1d 27 65 a7 77 9a 25 7c 45 fa d5 8a fd 9a fc 7a ca a3 19 a0 fa 35 04 ec 35 5b 08 92 62 18 da b5 bb 3b f0 93 8e 58 59 c6 b6 25 ed 9e fd 38 0c 15 c1 b4 16 00 5f 57 cb a7 6f 5e 21 ad 9b 87 62 de ab fa 49 0c b8 19 e7 d5 30 12 36 a4 3e 04 3a ab c1 0e b2 d2 11 bc 39 eb fd 67 34 5b b7 cd 8b 38 f0 57 57 50 70 11 cf da 2b ca 5b 69 ed 96 e9 57 f0 49 03 d9 9b 31 e2 fa da bf 3a d2 0c a6 3a 12 e3 87 05 f6 ef 24 86 33 66 e7 6a d8 22 62 a1 53 a4 33 c2 25 07 b4 b3 e0 07 bf d5 a9 19 da 95 08 98 57 51 44 fc aa 0e f3 04 ce 15 d2 dd d7 4e db 63 da 3c b9 ab 38 84 7e d1 39 72 60 50 9b 32 9f 4a b1 82 a3 b0 51 49 40 62 2f 0d f3 d5 9d f3 99 87 86 0e bc 94 57 f6 96 46 23 47 38 55 b3 cd ff ba 86 28 80 f1 4f 7e 3d 07 59 2d c8 fe 37 01 b5 af 62 8f cc 57 d9 dd 65 fd 61 de 3b 91 b1 5d be 2c 96 e2 a1 c7 1b 89 a0 d0 02 fd 71 15 04 55 e2 c4 90 b9 1d 05 33 b1 54 ab d0 bb 32 c9 b5 a0 e4 53 cc 09 c0 94 28 b2 e8 96 d6 ee 04 d1 0d 34 1a f9 f1 0b f9 6e dd 2b 49 9b d0 4a 2c eb 0f 91 1f 40 32 f4 2d bf 73 70 5e d9 94 cc 5b cc aa 3d 1a 32 05 3b d2 9a 85 cf 0b 70 ce 5f 52 5c 85 4c c7 da 4c 0e e4 ee 68 0a e5 38 9c 04 9b 40 9e 50 98 6b 8d 1e fd 47 6b 25 4b ed c3 ec 8b 8d 6a 4e 5b 95 9b f5 2b
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130 34.116.198.130
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000003.1642795794.0000722C00FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1642896867.0000722C00F80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000009.00000003.1642795794.0000722C00FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1642896867.0000722C00F80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000002.1670296257.0000722C002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 464Content-Type: multipart/form-data; boundary=------------------------TbZ9Ktz61LNHHuKesRVDGzData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 54 62 5a 39 4b 74 7a 36 31 4c 4e 48 48 75 4b 65 73 52 56 44 47 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 42 69 74 75 79 75 67 75 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 26 25 14 dd d8 ce 5f 15 86 3e 7e 17 82 71 a9 28 56 f3 9b 3f 24 58 e5 a0 94 73 34 ae fd 24 00 f5 5b 28 85 bb 18 0f 7e 6a 6b aa 59 e5 b1 a7 62 7a a1 af c5 9f 60 ba 22 28 c9 95 a3 57 2a 7c 35 de 45 6f 76 ff 66 8d df 31 a8 21 b7 8e da c2 c9 85 3b 74 07 f4 05 aa 20 f9 42 1e bb 9b 7a 77 9a 7b db 16 25 c4 e9 0f c3 5f 57 71 45 b8 30 be c3 d5 46 37 99 5e a8 7d b9 ce 95 b0 5e 48 1c b9 ae e3 80 da b3 e4 6a 78 d8 29 a5 85 d3 66 89 42 4b 3c a5 32 44 98 74 3c c8 d0 1b 7e 84 aa 47 74 fd bf 17 a3 47 8c 10 fe c8 8d 6b 94 b6 4d ea 55 62 c0 1c 82 51 14 71 bc f9 5b 83 c0 cb 84 fd 40 3d 95 82 37 9f 6f 15 3d 43 2d 1f 72 1f 53 00 dc a9 65 75 07 4f 78 29 f8 91 8d 42 22 9b 83 38 1a 4b e0 2c 2e a2 f2 1a c4 f1 1f 13 de e2 35 2f 9c 93 77 ea 07 03 f0 08 46 a6 17 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 54 62 5a 39 4b 74 7a 36 31 4c 4e 48 48 75 4b 65 73 52 56 44 47 7a 2d 2d 0d 0a Data Ascii: --------------------------TbZ9Ktz61LNHHuKesRVDGzContent-Disposition: form-data; name="file"; filename="Bituyugu.bin"Content-Type: application/octet-stream&%_>~q(V?$Xs4$[(~jkYbz`"(W*|5Eovf1!;t Bzw{%_WqE0F7^}^Hjx)fBK<2Dt<~GtGkMUbQq[@=7o=C-rSeuOx)B"8K,.5/wF--------------------------TbZ9Ktz61LNHHuKesRVDGz--
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000009.00000002.1671532612.0000722C0069C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000009.00000002.1669246593.0000722C00082000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000009.00000003.1644896613.0000722C010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644659399.0000722C00F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644166922.0000722C01080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644281006.0000722C01090000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000009.00000003.1644308907.0000722C010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646078214.0000722C00FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646635241.0000722C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646238379.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644896613.0000722C010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1645911480.0000722C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670322275.0000722C00303000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646026023.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644659399.0000722C00F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644166922.0000722C01080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644281006.0000722C01090000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000009.00000003.1644308907.0000722C010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646078214.0000722C00FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646635241.0000722C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646238379.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644896613.0000722C010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1645911480.0000722C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670322275.0000722C00303000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646026023.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644659399.0000722C00F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644166922.0000722C01080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644281006.0000722C01090000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000009.00000003.1644308907.0000722C010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646078214.0000722C00FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646635241.0000722C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646238379.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644896613.0000722C010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1645911480.0000722C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670322275.0000722C00303000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646026023.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644659399.0000722C00F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644166922.0000722C01080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644281006.0000722C01090000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000009.00000003.1644308907.0000722C010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646078214.0000722C00FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646635241.0000722C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646238379.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644896613.0000722C010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1645911480.0000722C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670322275.0000722C00303000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646026023.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644659399.0000722C00F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644166922.0000722C01080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1644281006.0000722C01090000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000009.00000002.1672266463.0000722C0085C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000009.00000002.1673234692.0000722C009BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: Amcache.hve.19.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 00000009.00000002.1673396006.0000722C00A38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000009.00000002.1674282349.0000722C00C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000009.00000002.1669615959.0000722C000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000009.00000002.1670748008.0000722C004AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670606114.0000722C00418000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000009.00000002.1669145537.0000722C0001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000009.00000002.1673434964.0000722C00A4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670654167.0000722C00440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674348040.0000722C00C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000009.00000002.1671690955.0000722C00728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000009.00000002.1673144174.0000722C0099C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000009.00000002.1669207437.0000722C00050000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000009.00000002.1669207437.0000722C00050000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000009.00000002.1669207437.0000722C00050000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000009.00000002.1669615959.0000722C000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000009.00000003.1639378565.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1639450399.0000722C00A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000009.00000002.1671749700.0000722C0074C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670902338.0000722C0050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675360421.0000722C00EF4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.1674282349.0000722C00C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000009.00000002.1674463788.0000722C00C74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000009.00000002.1674463788.0000722C00C74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000009.00000002.1671209558.0000722C005BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000009.00000003.1641037305.0000722C0039C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000009.00000002.1671607436.0000722C006E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore0KQvGDdc=
Source: chrome.exe, 00000009.00000002.1671607436.0000722C006E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000009.00000002.1676030845.0000722C011D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000009.00000002.1676030845.0000722C011D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en(r
Source: chrome.exe, 00000009.00000002.1676030845.0000722C011D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en3-
Source: chrome.exe, 00000009.00000002.1674463788.0000722C00C74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enmojom.ModuleEventSinkMessageHeaderValidator
Source: chrome.exe, 00000009.00000003.1639901192.0000722C00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1642593056.0000722C00CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1642570758.0000722C00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1643922126.0000722C00D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1647514152.0000722C00CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1645933560.0000722C00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1640354328.0000722C00D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1641186315.0000722C004B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1640142494.0000722C00CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1645956140.0000722C00CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1642547741.0000722C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1645469924.0000722C00CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1641037305.0000722C0039C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000009.00000002.1671607436.0000722C006E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstorehttps://chrome.google.com/webstore
Source: chrome.exe, 00000009.00000003.1632051482.000071C8006B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000009.00000003.1632051482.000071C8006B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000009.00000002.1668918406.000071C80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000009.00000002.1668918406.000071C80078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631856729.000071C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000009.00000002.1669145537.0000722C0001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000009.00000002.1674510011.0000722C00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/_
Source: chrome.exe, 00000009.00000003.1627209314.0000542C002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1627231023.0000542C002E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000009.00000002.1671180570.0000722C005AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 00000009.00000002.1671807206.0000722C0077C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000009.00000002.1673760043.0000722C00AD8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000009.00000002.1672266463.0000722C0085C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000009.00000002.1672266463.0000722C0085C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000009.00000002.1673434964.0000722C00A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1671532612.0000722C0069C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe, 00000005.00000003.1288790755.00000000075D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670717277.0000722C00490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.1672046919.0000722C007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675803063.0000722C010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672075147.0000722C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.1672046919.0000722C007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672075147.0000722C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674510011.0000722C00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.1672046919.0000722C007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672075147.0000722C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674510011.0000722C00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670717277.0000722C00490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.1671749700.0000722C0074C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670902338.0000722C0050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675360421.0000722C00EF4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670296257.0000722C002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.1671749700.0000722C0074C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670902338.0000722C0050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675360421.0000722C00EF4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670403155.0000722C00360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.1674463788.0000722C00C74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1673167758.0000722C009A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000009.00000002.1673167758.0000722C009A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000009.00000002.1674282349.0000722C00C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000009.00000002.1674463788.0000722C00C74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000009.00000002.1674463788.0000722C00C74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab5
Source: chrome.exe, 00000009.00000002.1674463788.0000722C00C74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: unmYCIPOHmXNjqOesrEy.dll.5.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: chrome.exe, 00000009.00000003.1631856729.000071C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000009.00000003.1631856729.000071C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj
Source: chrome.exe, 00000009.00000002.1668918406.000071C80078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631856729.000071C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000009.00000003.1631856729.000071C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000009.00000003.1631856729.000071C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000009.00000003.1631856729.000071C800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/q
Source: chrome.exe, 00000009.00000002.1668918406.000071C80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 00000009.00000002.1669122841.0000722C0000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000009.00000002.1671561290.0000722C006C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674487062.0000722C00C80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000009.00000003.1638945126.0000722C003E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000009.00000002.1672046919.0000722C007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675803063.0000722C010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672075147.0000722C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000009.00000002.1672046919.0000722C007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675803063.0000722C010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672075147.0000722C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000009.00000002.1668876179.000071C800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000009.00000002.1668128427.000071C800238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1668876179.000071C800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000009.00000003.1631203077.000071C800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1631447280.000071C80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000009.00000002.1668876179.000071C800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000009.00000002.1668128427.000071C800238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1668876179.000071C800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardq
Source: chrome.exe, 00000009.00000002.1668876179.000071C800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000009.00000003.1646635241.0000722C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646238379.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000009.00000003.1646635241.0000722C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646238379.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000009.00000003.1632297336.000071C8006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1668918406.000071C80078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1668850027.000071C800744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000009.00000002.1669056797.000071C80080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000009.00000002.1668918406.000071C80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000009.00000002.1668918406.000071C80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000009.00000002.1668850027.000071C800744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670403155.0000722C00360000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.1671749700.0000722C0074C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670902338.0000722C0050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675360421.0000722C00EF4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000009.00000002.1670794683.0000722C004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674583374.0000722C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1671807206.0000722C0077C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000009.00000002.1670794683.0000722C004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675546863.0000722C00F70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1671807206.0000722C0077C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000009.00000002.1671807206.0000722C0077C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000009.00000002.1673266671.0000722C009D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1643059395.0000722C00FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1643033108.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1673167758.0000722C009B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000009.00000002.1673760043.0000722C00AD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675872386.0000722C01124000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000009.00000002.1673266671.0000722C009D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1643059395.0000722C00FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1643033108.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1673167758.0000722C009B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000009.00000003.1646635241.0000722C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646553664.0000722C01148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000009.00000002.1673266671.0000722C009D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1643059395.0000722C00FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1643033108.0000722C00E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1673167758.0000722C009B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000009.00000002.1669615959.0000722C000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000009.00000002.1669674731.0000722C000E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000009.00000002.1672046919.0000722C007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675803063.0000722C010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672075147.0000722C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.1672046919.0000722C007C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675803063.0000722C010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672075147.0000722C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000009.00000002.1673396006.0000722C00A38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000009.00000002.1674282349.0000722C00C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000009.00000002.1674282349.0000722C00C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000009.00000002.1674282349.0000722C00C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000009.00000002.1671749700.0000722C0074C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1669615959.0000722C000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000009.00000003.1645469924.0000722C00CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672130436.0000722C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000009.00000002.1674559453.0000722C00CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672130436.0000722C0080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000009.00000002.1674533426.0000722C00CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674510011.0000722C00C8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000009.00000002.1674533426.0000722C00CA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:29
Source: chrome.exe, 00000009.00000002.1675410303.0000722C00F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1676007044.0000722C011BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Source: chrome.exe, 00000009.00000002.1675410303.0000722C00F24000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0B
Source: chrome.exe, 00000009.00000002.1676030845.0000722C011D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000009.00000002.1673047367.0000722C00958000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675360421.0000722C00EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672266463.0000722C0085C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000009.00000002.1673047367.0000722C00958000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670077177.0000722C001E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1675360421.0000722C00EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1672266463.0000722C0085C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000009.00000002.1675134504.0000722C00E58000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: chrome.exe, 00000009.00000002.1671749700.0000722C0074C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670902338.0000722C0050C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000009.00000002.1671749700.0000722C0074C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
Source: chrome.exe, 00000009.00000003.1646438989.0000722C0030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000009.00000002.1673434964.0000722C00A4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000009.00000002.1669145537.0000722C0001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1671478425.0000722C0067C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000009.00000002.1674160438.0000722C00BB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670122811.0000722C0020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000009.00000002.1670843454.0000722C004DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000009.00000002.1671129533.0000722C00590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.1670296257.0000722C002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Contains functionality for read data from the clipboard
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C9C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 14_2_6C9C9C22
Contains functionality to modify clipboard data
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C9C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 14_2_6C9C9C22
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C9D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 14_2_6C9C9D11
Contains functionality to read the clipboard data
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C9E27 GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 14_2_6C9C9E27

System Summary
barindex
Drops large PE files
Source: C:\Users\user\Desktop\file.exe File dump: service123.exe.5.dr 314617856 Jump to dropped file
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_001051B0 14_2_001051B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_00103E20 14_2_00103E20
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F2CCE 14_2_6C9F2CCE
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9BCD00 14_2_6C9BCD00
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9BEE50 14_2_6C9BEE50
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C0FC0 14_2_6C9C0FC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA00AC0 14_2_6CA00AC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C44F0 14_2_6C9C44F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F46E0 14_2_6C9F46E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F07D0 14_2_6C9F07D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9E87C0 14_2_6C9E87C0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F2090 14_2_6C9F2090
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA00060 14_2_6CA00060
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9E2360 14_2_6C9E2360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA0DC70 14_2_6CA0DC70
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C5880 14_2_6C9C5880
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9E98F0 14_2_6C9E98F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F7A20 14_2_6C9F7A20
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9FDBEE 14_2_6C9FDBEE
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F140E 14_2_6C9F140E
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA01510 14_2_6CA01510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9FF610 14_2_6C9FF610
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9DF760 14_2_6C9DF760
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9C70C0 14_2_6C9C70C0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA750D0 14_2_6CA750D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9B3000 14_2_6C9B3000
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 05466AC3A1F09726E552D0CBF3BAC625A7EB7944CEDF812F60B066DCBD74AFB1
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6CA836E0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6CA83B20 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6CA7ADB0 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6CA83560 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6CA85980 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6CA83820 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6CA85A70 appears 77 times
One or more processes crash
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 1080
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: bywzhwxv ZLIB complexity 0.9943088574951375
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@21/7@10/4
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\JStVXPURjEhqLJtWBhCN
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7608
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5172:120:WilError_03
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user~1\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000009.00000002.1671002424.0000722C0056F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe ReversingLabs: Detection: 39%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2244,i,15888928797470056610,12069267996106984436,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user~1\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 1080
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user~1\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user~1\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user~1\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user~1\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2244,i,15888928797470056610,12069267996106984436,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: file.exe Static file information: File size 4444672 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of bywzhwxv is bigger than: 0x100000 < 0x1c1e00
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_00108230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 14_2_00108230
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x43f598 should be: 0x445207
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: bywzhwxv
Source: file.exe Static PE information: section name: ftowmopg
Source: file.exe Static PE information: section name: .taggant
Source: service123.exe.5.dr Static PE information: section name: .eh_fram
Source: unmYCIPOHmXNjqOesrEy.dll.5.dr Static PE information: section name: .eh_fram
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_0010A521 push es; iretd 14_2_0010A694
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA60C30 push eax; mov dword ptr [esp], edi 14_2_6CA60DAA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA2ED10 push eax; mov dword ptr [esp], ebx 14_2_6CA2EE33
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA04E31 push eax; mov dword ptr [esp], ebx 14_2_6CA04E45
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F8E7A push edx; mov dword ptr [esp], ebx 14_2_6C9F8E8E
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9FA947 push eax; mov dword ptr [esp], ebx 14_2_6C9FA95B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA18AA0 push eax; mov dword ptr [esp], ebx 14_2_6CA1909F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA00AA2 push eax; mov dword ptr [esp], ebx 14_2_6CA00AB6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA02AAC push edx; mov dword ptr [esp], ebx 14_2_6CA02AC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA2EAB0 push eax; mov dword ptr [esp], ebx 14_2_6CA2EBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA32BF0 push eax; mov dword ptr [esp], ebx 14_2_6CA32F24
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA32BF0 push edx; mov dword ptr [esp], ebx 14_2_6CA32F43
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F048B push eax; mov dword ptr [esp], ebx 14_2_6C9F04A1
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F04E0 push eax; mov dword ptr [esp], ebx 14_2_6C9F06DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F8435 push edx; mov dword ptr [esp], ebx 14_2_6C9F8449
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA18460 push eax; mov dword ptr [esp], ebx 14_2_6CA18A5F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9FA5A7 push eax; mov dword ptr [esp], ebx 14_2_6C9FA5BB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9D1CFA push eax; mov dword ptr [esp], ebx 14_2_6CA86622
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9D1CFA push eax; mov dword ptr [esp], ebx 14_2_6CA86622
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA086A1 push 890005EAh; ret 14_2_6CA086A9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA406B0 push eax; mov dword ptr [esp], ebx 14_2_6CA40A4F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F06A6 push eax; mov dword ptr [esp], ebx 14_2_6C9F06DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F06A2 push eax; mov dword ptr [esp], ebx 14_2_6C9F06DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F06FD push eax; mov dword ptr [esp], ebx 14_2_6C9F06DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F66F3 push edx; mov dword ptr [esp], ebx 14_2_6C9F6707
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA32620 push eax; mov dword ptr [esp], ebx 14_2_6CA32954
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA32620 push edx; mov dword ptr [esp], ebx 14_2_6CA32973
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9F070E push eax; mov dword ptr [esp], ebx 14_2_6C9F06DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9FA777 push eax; mov dword ptr [esp], ebx 14_2_6C9FA78B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9CE0D0 push eax; mov dword ptr [esp], ebx 14_2_6CA86AF6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6C9CE0D0 push edx; mov dword ptr [esp], edi 14_2_6CA86B36
Source: file.exe Static PE information: section name: bywzhwxv entropy: 7.954676530993498
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user~1\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found evasive API chain (may stop execution after checking mutex)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Found stalling execution ending in API Sleep call
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1DE27 second address: E1DE2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E306BC second address: E306D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9C1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E306D2 second address: E306E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F0FBC9C1266h 0x0000000a js 00007F0FBC9C1266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30DBE second address: E30DC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30DC4 second address: E30DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30DCA second address: E30DCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E30F3E second address: E30F6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0FBC9C126Ch 0x0000000b popad 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0FBC9C1279h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E3310A second address: E3310E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E3310E second address: E331C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F0FBC9C1278h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f mov si, bx 0x00000012 push BD4E88FBh 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pop esi 0x0000001d add dword ptr [esp], 42B17785h 0x00000024 mov dx, 7597h 0x00000028 push 00000003h 0x0000002a and esi, 313B6A40h 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122D1AA8h], edi 0x00000038 push 00000003h 0x0000003a mov si, ax 0x0000003d jc 00007F0FBC9C126Ch 0x00000043 mov dword ptr [ebp+122D2C57h], eax 0x00000049 call 00007F0FBC9C1269h 0x0000004e jnc 00007F0FBC9C127Eh 0x00000054 push eax 0x00000055 jne 00007F0FBC9C1278h 0x0000005b mov eax, dword ptr [esp+04h] 0x0000005f jbe 00007F0FBC9C126Eh 0x00000065 je 00007F0FBC9C1268h 0x0000006b pushad 0x0000006c popad 0x0000006d mov eax, dword ptr [eax] 0x0000006f push eax 0x00000070 push edx 0x00000071 push esi 0x00000072 push ebx 0x00000073 pop ebx 0x00000074 pop esi 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E331C4 second address: E331F0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0FBD2FA9BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0FBD2FA9C6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E331F0 second address: E331F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E331F6 second address: E331FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E331FA second address: E33235 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1277h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c sbb edi, 7FDF5EA4h 0x00000012 mov dl, bh 0x00000014 lea ebx, dword ptr [ebp+12451FF0h] 0x0000001a mov dword ptr [ebp+122D1985h], esi 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E33297 second address: E332C1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0FBD2FA9B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f mov dh, 66h 0x00000011 call 00007F0FBD2FA9B9h 0x00000016 push eax 0x00000017 push edx 0x00000018 jns 00007F0FBD2FA9BCh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E332C1 second address: E33364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F0FBC9C126Bh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jg 00007F0FBC9C127Dh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 pushad 0x00000017 push eax 0x00000018 jns 00007F0FBC9C1266h 0x0000001e pop eax 0x0000001f jmp 00007F0FBC9C126Dh 0x00000024 popad 0x00000025 mov eax, dword ptr [eax] 0x00000027 pushad 0x00000028 push edx 0x00000029 push edi 0x0000002a pop edi 0x0000002b pop edx 0x0000002c jg 00007F0FBC9C1268h 0x00000032 popad 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 jp 00007F0FBC9C126Ah 0x0000003d push eax 0x0000003e pushad 0x0000003f popad 0x00000040 pop eax 0x00000041 pop eax 0x00000042 mov dword ptr [ebp+122D1F19h], edx 0x00000048 push 00000003h 0x0000004a clc 0x0000004b push 00000000h 0x0000004d mov edx, 1772C83Bh 0x00000052 push 00000003h 0x00000054 jmp 00007F0FBC9C126Eh 0x00000059 push D952F8C2h 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F0FBC9C1273h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E334BD second address: E334E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0FBD2FA9BFh 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E45DA0 second address: E45DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E17191 second address: E171A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F0FBD2FA9B6h 0x00000009 ja 00007F0FBD2FA9B6h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E171A4 second address: E171AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E171AC second address: E171C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0FBD2FA9C2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E171C8 second address: E171E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0FBC9C1276h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E171E8 second address: E171F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9BBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53081 second address: E5308A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E531BD second address: E531D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jo 00007F0FBD2FA9B6h 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1717D second address: E17191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0FBC9C1270h 0x0000000a jmp 00007F0FBC9C126Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53478 second address: E5347F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5347F second address: E53486 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53486 second address: E53496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53496 second address: E534AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C1272h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E534AD second address: E534B2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E535F3 second address: E5360C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C1275h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5360C second address: E53636 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0FBD2FA9C3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53636 second address: E53640 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0FBC9C1266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53640 second address: E53646 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53646 second address: E53661 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0FBC9C1266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0FBC9C126Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53661 second address: E53665 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53AAC second address: E53AD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F0FBC9C126Bh 0x0000000b ja 00007F0FBC9C1266h 0x00000011 jmp 00007F0FBC9C126Bh 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e push edi 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53AD8 second address: E53AE2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0FBD2FA9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53AE2 second address: E53AEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 js 00007F0FBC9C1266h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53AEE second address: E53AFB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0FBD2FA9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53C57 second address: E53C5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53DC2 second address: E53DCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53F3D second address: E53F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4AF72 second address: E4AF86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9C0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4AF86 second address: E4AF8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E54A57 second address: E54A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5ADE6 second address: E5ADEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5ADEC second address: E5ADF6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0FBD2FA9B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5EADC second address: E5EAE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5EAE0 second address: E5EAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5EAE9 second address: E5EAF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E621E0 second address: E62202 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0FBD2FA9C6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E62202 second address: E62206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1C368 second address: E1C36C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1C36C second address: E1C372 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61832 second address: E61837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61837 second address: E61875 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0FBC9C1276h 0x00000008 js 00007F0FBC9C1266h 0x0000000e jne 00007F0FBC9C1266h 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a jmp 00007F0FBC9C126Fh 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E61AE7 second address: E61AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E627B8 second address: E627BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E627BD second address: E627D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0FBD2FA9B6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E627D0 second address: E627D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E627D5 second address: E627DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F0FBD2FA9B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E627DF second address: E627E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E62C2F second address: E62C35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E62C35 second address: E62C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E62C39 second address: E62C3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E62D8C second address: E62D92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E632B3 second address: E632B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E632B7 second address: E632D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E632D4 second address: E632DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E632DA second address: E632FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1278h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6336B second address: E6336F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6336F second address: E63375 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E63375 second address: E6337F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F0FBD2FA9B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6337F second address: E63396 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F0FBC9C126Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E63405 second address: E63416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jp 00007F0FBD2FA9C8h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E63416 second address: E6341A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6341A second address: E6341E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E63550 second address: E63557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E63EB7 second address: E63EE3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0FBD2FA9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F0FBD2FA9CEh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E63EE3 second address: E63EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E63EE9 second address: E63F58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F0FBD2FA9C5h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F0FBD2FA9B8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a jmp 00007F0FBD2FA9C2h 0x0000002f push 00000000h 0x00000031 jmp 00007F0FBD2FA9BDh 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F0FBD2FA9BBh 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E64939 second address: E6493D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E65C28 second address: E65C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E65C2C second address: E65C30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E67035 second address: E6703B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E66365 second address: E66369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6871F second address: E68733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBD2FA9C0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E68733 second address: E68767 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub di, FDB1h 0x00000010 push 00000000h 0x00000012 jmp 00007F0FBC9C126Bh 0x00000017 push 00000000h 0x00000019 jmp 00007F0FBC9C126Eh 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push edx 0x00000024 pop edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E68767 second address: E6876D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6876D second address: E68773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E68773 second address: E68777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E691EC second address: E691FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E691FE second address: E69202 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6FB66 second address: E6FB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6FB6A second address: E6FB75 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6FCC9 second address: E6FCCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6FCCD second address: E6FCF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F0FBD2FA9BCh 0x0000000c jnc 00007F0FBD2FA9B6h 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0FBD2FA9BDh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6FCF1 second address: E6FCFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E73BCC second address: E73BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0FBD2FA9C5h 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 jc 00007F0FBD2FA9B6h 0x00000016 push edx 0x00000017 pop edx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E71D0F second address: E71DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+1245E20Fh], eax 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F0FBC9C1268h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 0000001Bh 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 mov edi, dword ptr [ebp+122D29CFh] 0x0000003f mov eax, dword ptr [ebp+122D0415h] 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 call 00007F0FBC9C1268h 0x0000004d pop ecx 0x0000004e mov dword ptr [esp+04h], ecx 0x00000052 add dword ptr [esp+04h], 00000014h 0x0000005a inc ecx 0x0000005b push ecx 0x0000005c ret 0x0000005d pop ecx 0x0000005e ret 0x0000005f mov edi, 3ECC31FAh 0x00000064 mov bx, dx 0x00000067 push FFFFFFFFh 0x00000069 sub edi, dword ptr [ebp+122D18DDh] 0x0000006f nop 0x00000070 jnc 00007F0FBC9C1274h 0x00000076 push eax 0x00000077 jc 00007F0FBC9C1274h 0x0000007d push eax 0x0000007e push edx 0x0000007f push ecx 0x00000080 pop ecx 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E73BF5 second address: E73C0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBD2FA9C3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E73C0E second address: E73C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E74268 second address: E7426C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E743F8 second address: E743FE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E763E2 second address: E763EC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0FBD2FA9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E76484 second address: E76488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E76488 second address: E7648C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E75555 second address: E755DE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0FBC9C1268h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d cmc 0x0000000e push dword ptr fs:[00000000h] 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F0FBC9C1268h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 push 00000000h 0x00000038 push ebp 0x00000039 call 00007F0FBC9C1268h 0x0000003e pop ebp 0x0000003f mov dword ptr [esp+04h], ebp 0x00000043 add dword ptr [esp+04h], 00000014h 0x0000004b inc ebp 0x0000004c push ebp 0x0000004d ret 0x0000004e pop ebp 0x0000004f ret 0x00000050 jmp 00007F0FBC9C1279h 0x00000055 mov bl, ah 0x00000057 mov eax, dword ptr [ebp+122D0F55h] 0x0000005d mov di, 1F3Bh 0x00000061 push FFFFFFFFh 0x00000063 mov bx, dx 0x00000066 nop 0x00000067 push esi 0x00000068 push eax 0x00000069 push edx 0x0000006a push esi 0x0000006b pop esi 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E755DE second address: E755E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7750E second address: E77513 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E78476 second address: E7848E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7848E second address: E78517 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0FBC9C1268h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c jmp 00007F0FBC9C126Eh 0x00000011 pop esi 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F0FBC9C1268h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f mov ebx, dword ptr [ebp+122D350Dh] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F0FBC9C1268h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 0000001Bh 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 add dword ptr [ebp+122D1AB1h], ecx 0x00000057 mov ebx, dword ptr [ebp+122D33DCh] 0x0000005d push eax 0x0000005e pushad 0x0000005f pushad 0x00000060 push edi 0x00000061 pop edi 0x00000062 pushad 0x00000063 popad 0x00000064 popad 0x00000065 pushad 0x00000066 pushad 0x00000067 popad 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7A5D0 second address: E7A5D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7A5D5 second address: E7A5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a jmp 00007F0FBC9C1276h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C647 second address: E7C64B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C64B second address: E7C657 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C657 second address: E7C65B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C65B second address: E7C667 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0FBC9C1266h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C667 second address: E7C66E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7DBE5 second address: E7DBEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0FBC9C1266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7ED08 second address: E7ED0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7ED0E second address: E7ED14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7ED14 second address: E7ED18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7ED18 second address: E7ED63 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0FBC9C1266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d movzx ebx, di 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F0FBC9C1268h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c mov ebx, dword ptr [ebp+122D1900h] 0x00000032 push 00000000h 0x00000034 or dword ptr [ebp+122D2A17h], eax 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jng 00007F0FBC9C126Ch 0x00000043 jng 00007F0FBC9C1266h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E786B9 second address: E786BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E80C79 second address: E80C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jmp 00007F0FBC9C1275h 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E80C98 second address: E80C9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E80C9E second address: E80CA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E786BD second address: E78759 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, 0D13AD81h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F0FBD2FA9B8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Ch 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 jmp 00007F0FBD2FA9C0h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c mov eax, dword ptr [ebp+122D1225h] 0x00000042 mov edi, ebx 0x00000044 push FFFFFFFFh 0x00000046 push 00000000h 0x00000048 push ecx 0x00000049 call 00007F0FBD2FA9B8h 0x0000004e pop ecx 0x0000004f mov dword ptr [esp+04h], ecx 0x00000053 add dword ptr [esp+04h], 0000001Dh 0x0000005b inc ecx 0x0000005c push ecx 0x0000005d ret 0x0000005e pop ecx 0x0000005f ret 0x00000060 nop 0x00000061 jmp 00007F0FBD2FA9C1h 0x00000066 push eax 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a jng 00007F0FBD2FA9B6h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7EED9 second address: E7EEDF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7EEDF second address: E7EEE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E89E16 second address: E89E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ecx 0x00000007 jo 00007F0FBC9C126Ah 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push esi 0x00000013 push ecx 0x00000014 js 00007F0FBC9C1266h 0x0000001a jmp 00007F0FBC9C1276h 0x0000001f pop ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E89E4B second address: E89E51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E89808 second address: E89815 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0FBC9C1266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E89815 second address: E8981A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8981A second address: E8983B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C126Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0FBC9C1272h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E89A02 second address: E89A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E89A08 second address: E89A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E89A0E second address: E89A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E8E6F8 second address: E8E6FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9211B second address: E9215B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F0FBD2FA9BAh 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F0FBD2FA9BCh 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push edi 0x00000016 jnp 00007F0FBD2FA9C6h 0x0000001c jmp 00007F0FBD2FA9C0h 0x00000021 pop edi 0x00000022 mov eax, dword ptr [eax] 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9215B second address: E9215F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9819E second address: E981A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E96DB1 second address: E96DC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0FBC9C126Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E96DC3 second address: E96DD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F0FBD2FA9BAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E96DD6 second address: E96DFD instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0FBC9C126Ch 0x00000008 jo 00007F0FBC9C1266h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0FBC9C1277h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E96DFD second address: E96E03 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E974B4 second address: E974D7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0FBC9C126Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0FBC9C126Bh 0x0000000f jnc 00007F0FBC9C1266h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E974D7 second address: E974EB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jo 00007F0FBD2FA9B8h 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E974EB second address: E9753E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C1276h 0x00000009 jmp 00007F0FBC9C1277h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007F0FBC9C1272h 0x00000015 jmp 00007F0FBC9C126Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9753E second address: E9754D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F0FBD2FA9B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9754D second address: E97566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C1275h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E977D8 second address: E977F7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnc 00007F0FBD2FA9B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 jno 00007F0FBD2FA9B6h 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b push esi 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E977F7 second address: E9781F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C126Ah 0x00000009 jmp 00007F0FBC9C1273h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E979A6 second address: E979C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F0FBD2FA9BDh 0x0000000a pushad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e jns 00007F0FBD2FA9B6h 0x00000014 pop esi 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97C77 second address: E97C87 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0FBC9C1266h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97C87 second address: E97C8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97C8B second address: E97C91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97DFC second address: E97E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9BEh 0x00000009 jmp 00007F0FBD2FA9BBh 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007F0FBD2FA9C6h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97E35 second address: E97E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F0FBC9C126Ch 0x0000000b jmp 00007F0FBC9C1271h 0x00000010 jmp 00007F0FBC9C126Bh 0x00000015 popad 0x00000016 jmp 00007F0FBC9C126Ch 0x0000001b popad 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97E75 second address: E97EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0FBD2FA9B6h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F0FBD2FA9C5h 0x00000011 popad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F0FBD2FA9C0h 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97EB0 second address: E97EB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E97EB6 second address: E97EC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F0FBD2FA9B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F0FBD2FA9B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E98018 second address: E9801E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9801E second address: E98045 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0FBD2FA9C2h 0x00000008 jmp 00007F0FBD2FA9C0h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E98045 second address: E9804B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9804B second address: E98054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9B80A second address: E9B810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6B955 second address: E6B959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6BF79 second address: E6BF7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C015 second address: E6C019 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C17C second address: E6C1BC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 js 00007F0FBC9C1266h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], esi 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F0FBC9C1268h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 add edi, 4BD6204Eh 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jnl 00007F0FBC9C1268h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C25E second address: E6C273 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0FBD2FA9BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C273 second address: E6C295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c ja 00007F0FBC9C126Ah 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jbe 00007F0FBC9C1266h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C295 second address: E6C299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C299 second address: E6C29F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C29F second address: E6C2D5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0FBD2FA9CDh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f jne 00007F0FBD2FA9B8h 0x00000015 push eax 0x00000016 push edx 0x00000017 jng 00007F0FBD2FA9B6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C4EC second address: E6C4FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0FBC9C126Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C8B6 second address: E6C8BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C8BA second address: E6C8C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6CBB0 second address: E6CBDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0FBD2FA9C2h 0x00000008 jnp 00007F0FBD2FA9B6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jbe 00007F0FBD2FA9B6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6CBDB second address: E6CBDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6CBDF second address: E6CBF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F0FBD2FA9BCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6CBF2 second address: E6CBF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6CCF1 second address: E6CCF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6CCF8 second address: E6CD4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a and cx, 8AE9h 0x0000000f lea eax, dword ptr [ebp+1248A6CCh] 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F0FBC9C1268h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f cld 0x00000030 nop 0x00000031 jnc 00007F0FBC9C1276h 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push edi 0x0000003d pop edi 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6CD4D second address: E6CD67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BAE6 second address: E9BAF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 jl 00007F0FBC9C1266h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BDE7 second address: E9BDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9BDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BF36 second address: E9BF3D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9C1C1 second address: E9C1C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9C1C5 second address: E9C1F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0FBC9C1278h 0x0000000b jmp 00007F0FBC9C126Ah 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9C1F0 second address: E9C1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA2555 second address: EA256F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0FBC9C1272h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB7C6 second address: EAB7D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB7D2 second address: EAB7D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB1F2 second address: EAB1FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC0FE second address: EAC113 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C126Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC268 second address: EAC26E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC5C2 second address: EAC5CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC5CB second address: EAC5EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F0FBD2FA9BDh 0x0000000a popad 0x0000000b jl 00007F0FBD2FA9C2h 0x00000011 jnp 00007F0FBD2FA9BCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB0F59 second address: EB0F60 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB10B5 second address: EB10C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9BFh 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB191E second address: EB1928 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0FBC9C1272h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1928 second address: EB194A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0FBD2FA9B6h 0x0000000a jmp 00007F0FBD2FA9BDh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 ja 00007F0FBD2FA9BEh 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB1D21 second address: EB1D25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB0BFB second address: EB0C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0FBD2FA9BEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB0C13 second address: EB0C19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB5305 second address: EB532D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F0FBD2FA9B6h 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0FBD2FA9C4h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB532D second address: EB5331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB5605 second address: EB560A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB560A second address: EB5612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB5612 second address: EB562E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0FBD2FA9C5h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7E59 second address: EB7E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7E5D second address: EB7E61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7E61 second address: EB7E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0FBC9C1266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7E72 second address: EB7E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F0FBD2FA9B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7E83 second address: EB7E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7E87 second address: EB7E90 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB79F0 second address: EB79FE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0FBC9C1266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7B27 second address: EB7B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7B2B second address: EB7B31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7B31 second address: EB7B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7B3B second address: EB7B57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C1278h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7B57 second address: EB7B84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0FBD2FA9BCh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push edx 0x0000000e jmp 00007F0FBD2FA9C4h 0x00000013 pop edx 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB958F second address: EB9593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9593 second address: EB9597 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9597 second address: EB95AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0FBC9C1266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F0FBC9C1272h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBD329 second address: EBD354 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0FBD2FA9C7h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBD354 second address: EBD358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC110F second address: EC1115 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC1115 second address: EC111D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC5570 second address: EC5588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9C0h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC5C03 second address: EC5C35 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0FBC9C1266h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jnc 00007F0FBC9C1266h 0x00000015 jmp 00007F0FBC9C1273h 0x0000001a popad 0x0000001b push esi 0x0000001c js 00007F0FBC9C1266h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC5C35 second address: EC5C42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 js 00007F0FBD2FA9C2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC5C42 second address: EC5C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0FBC9C1266h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0FBC9C126Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C6D7 second address: E6C6DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C6DD second address: E6C747 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jc 00007F0FBC9C1266h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edx, 5B48AAC1h 0x00000012 mov edx, 728B3C05h 0x00000017 mov ebx, dword ptr [ebp+1248A70Bh] 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 call 00007F0FBC9C1268h 0x00000025 pop eax 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a add dword ptr [esp+04h], 0000001Ah 0x00000032 inc eax 0x00000033 push eax 0x00000034 ret 0x00000035 pop eax 0x00000036 ret 0x00000037 and edx, dword ptr [ebp+122D1AA8h] 0x0000003d add eax, ebx 0x0000003f or dword ptr [ebp+1245266Bh], esi 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F0FBC9C1278h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C747 second address: E6C763 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C763 second address: E6C780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C1279h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C780 second address: E6C7C9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edx, 420DB106h 0x00000010 push 00000004h 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F0FBD2FA9B8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c mov dword ptr [ebp+12478DE6h], eax 0x00000032 nop 0x00000033 jbe 00007F0FBD2FA9BEh 0x00000039 jno 00007F0FBD2FA9B8h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6C7C9 second address: E6C7D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC5F85 second address: EC5F8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC69EB second address: EC6A0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0FBC9C1278h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC903A second address: EC9040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC9040 second address: EC906B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F0FBC9C1279h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC906B second address: EC906F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0A91 second address: ED0AA1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0FBC9C1266h 0x00000008 jnl 00007F0FBC9C1266h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0AA1 second address: ED0AA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0AA6 second address: ED0ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C1273h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0ABF second address: ED0AD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0FBD2FA9BFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0AD8 second address: ED0AE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0AE5 second address: ED0AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECED0A second address: ECED0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECF03F second address: ECF043 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECF30C second address: ECF311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECF311 second address: ECF31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0FBD2FA9B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECF90A second address: ECF92C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push ecx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007F0FBC9C1275h 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECF92C second address: ECF932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECFC52 second address: ECFC56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECFC56 second address: ECFC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECFC60 second address: ECFC6E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0FBC9C1266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1DE17 second address: E1DE27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jl 00007F0FBD2FA9C4h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED4E11 second address: ED4E2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F0FBC9C1276h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED4E2C second address: ED4E3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0FBD2FA9BCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED5276 second address: ED527E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED527E second address: ED5284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED5284 second address: ED5297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F0FBC9C1266h 0x0000000d jbe 00007F0FBC9C1266h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED5297 second address: ED52CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0FBD2FA9C3h 0x0000000c jmp 00007F0FBD2FA9C8h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED52CB second address: ED52D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED55A4 second address: ED55C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0FBD2FA9B6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0FBD2FA9C1h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED55C4 second address: ED55CE instructions: 0x00000000 rdtsc 0x00000002 js 00007F0FBC9C1266h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE3C6B second address: EE3C7D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0FBD2FA9B6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE3C7D second address: EE3C81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE3C81 second address: EE3C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F0FBD2FA9B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE3C91 second address: EE3C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE1FC4 second address: EE1FDC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0FBD2FA9B6h 0x00000008 jmp 00007F0FBD2FA9BAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE1FDC second address: EE1FE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE22E2 second address: EE22F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE22F6 second address: EE2306 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jbe 00007F0FBC9C1266h 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE2306 second address: EE230B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE2475 second address: EE247F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0FBC9C1266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE247F second address: EE249C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE249C second address: EE24A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE24A2 second address: EE24B0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0FBD2FA9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE25CF second address: EE25E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C1271h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE25E6 second address: EE25EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE25EA second address: EE25EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE28B5 second address: EE28BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE28BB second address: EE28CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0FBC9C126Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE2BAD second address: EE2BDB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0FBD2FA9BFh 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE2BDB second address: EE2BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE2BDF second address: EE2BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9C1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE3421 second address: EE3429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE3429 second address: EE3456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F0FBD2FA9C0h 0x0000000b jmp 00007F0FBD2FA9C6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE3456 second address: EE345D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE93B8 second address: EE93BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE93BC second address: EE93C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE93C5 second address: EE93CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF5C3C second address: EF5C50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F0FBC9C1266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F0FBC9C1266h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF5C50 second address: EF5C65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BFh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF5C65 second address: EF5C6F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0FBC9C126Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E18CAB second address: E18CAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E18CAF second address: E18CC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jnp 00007F0FBC9C1266h 0x0000000f pushad 0x00000010 popad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E18CC3 second address: E18CCE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jl 00007F0FBD2FA9B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF93DD second address: EF93E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF93E3 second address: EF93E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF93E7 second address: EF93F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0FBC9C1266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF93F3 second address: EF941C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0FBD2FA9B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jns 00007F0FBD2FA9B6h 0x00000013 jmp 00007F0FBD2FA9C3h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF8EE6 second address: EF8EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF9015 second address: EF9032 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C3h 0x00000007 jno 00007F0FBD2FA9B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF9032 second address: EF903C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0FBC9C1272h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF903C second address: EF904A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0FBD2FA9B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF904A second address: EF9050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF9050 second address: EF9054 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF9054 second address: EF9061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF9061 second address: EF9079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F0FBD2FA9B6h 0x0000000c popad 0x0000000d jmp 00007F0FBD2FA9BBh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFBD5A second address: EFBD80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F0FBC9C126Eh 0x0000000b popad 0x0000000c jp 00007F0FBC9C1286h 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F049F0 second address: F049F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F049F6 second address: F049FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E212AE second address: E212BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 ja 00007F0FBD2FA9B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E212BA second address: E212C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F0FBC9C1266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E212C4 second address: E212D3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jl 00007F0FBD2FA9B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E212D3 second address: E212E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F0FBC9C1266h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E212E6 second address: E21314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jl 00007F0FBD2FA9CAh 0x0000000d jo 00007F0FBD2FA9B6h 0x00000013 jmp 00007F0FBD2FA9BEh 0x00000018 push ecx 0x00000019 jnl 00007F0FBD2FA9B6h 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 pop ecx 0x00000022 push esi 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F138BC second address: F138C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F139F1 second address: F13A0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F0FBD2FA9C5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F13B40 second address: F13B46 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F13B46 second address: F13B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0FBD2FA9C6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F13B62 second address: F13B73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C126Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F13B73 second address: F13BA3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0FBD2FA9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F0FBD2FA9B8h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jmp 00007F0FBD2FA9C1h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c js 00007F0FBD2FA9B6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F13BA3 second address: F13BA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F13D0C second address: F13D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F140DE second address: F140EB instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0FBC9C1266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F140EB second address: F140F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F140F1 second address: F14106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C1270h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F14106 second address: F14116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F0FBD2FA9B6h 0x0000000a jo 00007F0FBD2FA9B6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F14282 second address: F142A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0FBC9C1266h 0x0000000a push edx 0x0000000b jmp 00007F0FBC9C1275h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F142A9 second address: F142AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F142AD second address: F142D7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 jmp 00007F0FBC9C1278h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 js 00007F0FBC9C1266h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F17450 second address: F1745E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F19B7D second address: F19B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1BB5E second address: F1BB68 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0FBD2FA9B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1BB68 second address: F1BB72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1BB72 second address: F1BB87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1B897 second address: F1B8A5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jbe 00007F0FBC9C1266h 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F204C4 second address: F204CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F204CA second address: F204EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0FBC9C1279h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F204EA second address: F204EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F204EE second address: F204F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F204F4 second address: F20511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBD2FA9C9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F20511 second address: F20515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5D555 second address: F5D55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6C7C1 second address: F6C7C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F6C986 second address: F6C98D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10301AE second address: 10301B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10301B4 second address: 10301F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c jmp 00007F0FBD2FA9BDh 0x00000011 jmp 00007F0FBD2FA9BFh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030344 second address: 1030348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030348 second address: 1030363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F0FBD2FA9B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0FBD2FA9BBh 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030363 second address: 1030367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030367 second address: 1030375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10304D1 second address: 103050C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBC9C126Bh 0x00000009 push esi 0x0000000a jmp 00007F0FBC9C1276h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F0FBC9C1270h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103050C second address: 1030516 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030642 second address: 103064D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103064D second address: 1030669 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F0FBD2FA9C0h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030669 second address: 1030673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0FBC9C1266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030801 second address: 103080B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F0FBD2FA9B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030A8A second address: 1030A90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030A90 second address: 1030AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0FBD2FA9C1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030AA7 second address: 1030AB5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jl 00007F0FBC9C1266h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030D7D second address: 1030D82 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030D82 second address: 1030D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030D8D second address: 1030DA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1030DA1 second address: 1030DC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F0FBC9C126Fh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10310A3 second address: 10310BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0FBD2FA9C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10353FA second address: 10353FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103571A second address: 1035735 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F0FBD2FA9BAh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F0FBD2FA9B8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1035735 second address: 10357AF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, dword ptr [ebp+122D2987h] 0x0000000f push 00000004h 0x00000011 mov dx, B736h 0x00000015 call 00007F0FBC9C1269h 0x0000001a jmp 00007F0FBC9C1272h 0x0000001f push eax 0x00000020 jmp 00007F0FBC9C126Dh 0x00000025 mov eax, dword ptr [esp+04h] 0x00000029 jmp 00007F0FBC9C1270h 0x0000002e mov eax, dword ptr [eax] 0x00000030 jmp 00007F0FBC9C1278h 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d jg 00007F0FBC9C1266h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10357AF second address: 10357B5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0039 second address: 72F00FC instructions: 0x00000000 rdtsc 0x00000002 mov dx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pop esi 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F0FBC9C1274h 0x00000010 xchg eax, ebp 0x00000011 jmp 00007F0FBC9C1270h 0x00000016 mov ebp, esp 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F0FBC9C126Eh 0x0000001f add ecx, 2266E458h 0x00000025 jmp 00007F0FBC9C126Bh 0x0000002a popfd 0x0000002b pushfd 0x0000002c jmp 00007F0FBC9C1278h 0x00000031 xor cx, 6EB8h 0x00000036 jmp 00007F0FBC9C126Bh 0x0000003b popfd 0x0000003c popad 0x0000003d mov eax, dword ptr fs:[00000030h] 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007F0FBC9C126Bh 0x0000004c sub cl, 0000007Eh 0x0000004f jmp 00007F0FBC9C1279h 0x00000054 popfd 0x00000055 call 00007F0FBC9C1270h 0x0000005a pop esi 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F00FC second address: 72F0102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0102 second address: 72F0106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0106 second address: 72F0152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 18h 0x0000000b pushad 0x0000000c call 00007F0FBD2FA9C4h 0x00000011 mov edi, eax 0x00000013 pop ecx 0x00000014 mov edx, 3AAD1BA2h 0x00000019 popad 0x0000001a push ebp 0x0000001b jmp 00007F0FBD2FA9C6h 0x00000020 mov dword ptr [esp], ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 movsx edi, ax 0x00000029 mov al, 68h 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0152 second address: 72F0158 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0158 second address: 72F018E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, dword ptr [eax+10h] 0x0000000e pushad 0x0000000f mov edx, eax 0x00000011 jmp 00007F0FBD2FA9BAh 0x00000016 popad 0x00000017 xchg eax, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007F0FBD2FA9BDh 0x00000020 pop esi 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F018E second address: 72F01BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, AEh 0x00000005 movsx ebx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F0FBC9C1271h 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F0FBC9C126Dh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F01BB second address: 72F01C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F031E second address: 72F033E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1271h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov bx, ABDEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F033E second address: 72F0343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0343 second address: 72F0349 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0349 second address: 72F034D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F034D second address: 72F0371 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000030h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0FBC9C1272h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0371 second address: 72F0375 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0375 second address: 72F037B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F043F second address: 72F04C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F0FBD2FA9C7h 0x00000012 xor ecx, 2CD416DEh 0x00000018 jmp 00007F0FBD2FA9C9h 0x0000001d popfd 0x0000001e mov dx, cx 0x00000021 popad 0x00000022 mov dword ptr [esi], edi 0x00000024 jmp 00007F0FBD2FA9BAh 0x00000029 mov dword ptr [esi+04h], eax 0x0000002c jmp 00007F0FBD2FA9C0h 0x00000031 mov dword ptr [esi+08h], eax 0x00000034 jmp 00007F0FBD2FA9C0h 0x00000039 mov dword ptr [esi+0Ch], eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F04C9 second address: 72F04E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F04E6 second address: 72F0506 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+4Ch] 0x0000000c pushad 0x0000000d mov di, si 0x00000010 push eax 0x00000011 push edx 0x00000012 mov ebx, ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0506 second address: 72F0525 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esi+10h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0FBC9C1273h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0525 second address: 72F0554 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 mov ebx, 5009DA96h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [ebx+50h] 0x00000010 jmp 00007F0FBD2FA9BDh 0x00000015 mov dword ptr [esi+14h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0FBD2FA9BDh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0554 second address: 72F055A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F055A second address: 72F057D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+54h] 0x0000000b pushad 0x0000000c call 00007F0FBD2FA9C5h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F057D second address: 72F05A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov edx, 505EA8E2h 0x0000000a popad 0x0000000b mov dword ptr [esi+18h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0FBC9C1274h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F05A1 second address: 72F063A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0FBD2FA9C1h 0x00000009 sub ax, 7166h 0x0000000e jmp 00007F0FBD2FA9C1h 0x00000013 popfd 0x00000014 mov dx, si 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [ebx+58h] 0x0000001d pushad 0x0000001e mov ebx, ecx 0x00000020 pushfd 0x00000021 jmp 00007F0FBD2FA9C4h 0x00000026 sub eax, 6610C438h 0x0000002c jmp 00007F0FBD2FA9BBh 0x00000031 popfd 0x00000032 popad 0x00000033 mov dword ptr [esi+1Ch], eax 0x00000036 pushad 0x00000037 mov dx, ax 0x0000003a pushad 0x0000003b jmp 00007F0FBD2FA9BEh 0x00000040 mov ax, A6F1h 0x00000044 popad 0x00000045 popad 0x00000046 mov eax, dword ptr [ebx+5Ch] 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F0FBD2FA9C6h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F063A second address: 72F0640 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0640 second address: 72F065D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0FBD2FA9BCh 0x00000008 movzx eax, bx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esi+20h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F065D second address: 72F0677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F0FBC9C1274h 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0677 second address: 72F067D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F067D second address: 72F0681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0681 second address: 72F06B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+60h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F0FBD2FA9C4h 0x00000012 adc esi, 032314E8h 0x00000018 jmp 00007F0FBD2FA9BBh 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 mov al, 0Bh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F06B8 second address: 72F0730 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 6D035856h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esi+24h], eax 0x0000000d pushad 0x0000000e push esi 0x0000000f pushfd 0x00000010 jmp 00007F0FBC9C1275h 0x00000015 sub al, FFFFFFB6h 0x00000018 jmp 00007F0FBC9C1271h 0x0000001d popfd 0x0000001e pop eax 0x0000001f popad 0x00000020 mov eax, dword ptr [ebx+64h] 0x00000023 jmp 00007F0FBC9C1277h 0x00000028 mov dword ptr [esi+28h], eax 0x0000002b jmp 00007F0FBC9C1276h 0x00000030 mov eax, dword ptr [ebx+68h] 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0730 second address: 72F074D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F074D second address: 72F0800 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1271h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+2Ch], eax 0x0000000c pushad 0x0000000d mov bh, cl 0x0000000f mov ch, dh 0x00000011 popad 0x00000012 mov ax, word ptr [ebx+6Ch] 0x00000016 jmp 00007F0FBC9C1270h 0x0000001b mov word ptr [esi+30h], ax 0x0000001f jmp 00007F0FBC9C1270h 0x00000024 mov ax, word ptr [ebx+00000088h] 0x0000002b jmp 00007F0FBC9C1270h 0x00000030 mov word ptr [esi+32h], ax 0x00000034 jmp 00007F0FBC9C1270h 0x00000039 mov eax, dword ptr [ebx+0000008Ch] 0x0000003f pushad 0x00000040 mov dx, ax 0x00000043 call 00007F0FBC9C126Ah 0x00000048 movzx esi, dx 0x0000004b pop ebx 0x0000004c popad 0x0000004d mov dword ptr [esi+34h], eax 0x00000050 jmp 00007F0FBC9C126Ah 0x00000055 mov eax, dword ptr [ebx+18h] 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F0FBC9C1277h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0800 second address: 72F0818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBD2FA9C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0818 second address: 72F081C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0996 second address: 72F099C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F099C second address: 72F09A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F09A0 second address: 72F09E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edi, edi 0x0000000a jmp 00007F0FBD2FA9BAh 0x0000000f js 00007F102D1C96C5h 0x00000015 pushad 0x00000016 mov di, si 0x00000019 pushfd 0x0000001a jmp 00007F0FBD2FA9BAh 0x0000001f xor esi, 113FA1F8h 0x00000025 jmp 00007F0FBD2FA9BBh 0x0000002a popfd 0x0000002b popad 0x0000002c mov eax, dword ptr [ebp-0Ch] 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F09E5 second address: 72F09EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F09EB second address: 72F0A0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c pushad 0x0000000d movsx edx, cx 0x00000010 popad 0x00000011 lea eax, dword ptr [ebx+78h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 mov dl, 2Bh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0A0C second address: 72F0A24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C1274h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0A24 second address: 72F0A52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000001h 0x0000000a pushad 0x0000000b mov edx, 09173200h 0x00000010 movsx edx, si 0x00000013 popad 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0FBD2FA9C7h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0A52 second address: 72F0AB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 4251h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F0FBC9C1277h 0x00000010 nop 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov eax, edx 0x00000016 pushfd 0x00000017 jmp 00007F0FBC9C1277h 0x0000001c add cx, E89Eh 0x00000021 jmp 00007F0FBC9C1279h 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0AB2 second address: 72F0B43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0FBD2FA9C7h 0x00000008 pushfd 0x00000009 jmp 00007F0FBD2FA9C8h 0x0000000e sub esi, 2EC1B4F8h 0x00000014 jmp 00007F0FBD2FA9BBh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d lea eax, dword ptr [ebp-08h] 0x00000020 pushad 0x00000021 push ebx 0x00000022 mov cl, FCh 0x00000024 pop ebx 0x00000025 popad 0x00000026 nop 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov ax, di 0x0000002d pushfd 0x0000002e jmp 00007F0FBD2FA9C7h 0x00000033 sub esi, 33949E1Eh 0x00000039 jmp 00007F0FBD2FA9C9h 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0B43 second address: 72F0B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0B49 second address: 72F0B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0C5E second address: 72F0C64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0C64 second address: 72F0C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0C68 second address: 72F0D05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C126Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d pushad 0x0000000e mov ecx, 2EF0190Bh 0x00000013 mov ecx, 61053AE7h 0x00000018 popad 0x00000019 nop 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F0FBC9C1278h 0x00000021 jmp 00007F0FBC9C1275h 0x00000026 popfd 0x00000027 pushfd 0x00000028 jmp 00007F0FBC9C1270h 0x0000002d adc ax, 08A8h 0x00000032 jmp 00007F0FBC9C126Bh 0x00000037 popfd 0x00000038 popad 0x00000039 push eax 0x0000003a jmp 00007F0FBC9C1279h 0x0000003f nop 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F0FBC9C126Dh 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0D05 second address: 72F0D60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 1CFFE102h 0x00000008 mov esi, ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d lea eax, dword ptr [ebp-18h] 0x00000010 jmp 00007F0FBD2FA9C5h 0x00000015 nop 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F0FBD2FA9BCh 0x0000001d or si, EFC8h 0x00000022 jmp 00007F0FBD2FA9BBh 0x00000027 popfd 0x00000028 mov edi, esi 0x0000002a popad 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F0FBD2FA9C0h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0D60 second address: 72F0D72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C126Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0D72 second address: 72F0D76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0D76 second address: 72F0D8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0FBC9C126Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0D8B second address: 72F0D91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0D91 second address: 72F0D95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0DBD second address: 72F0DF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov cl, dh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov edi, eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F0FBD2FA9C1h 0x00000015 and cx, C506h 0x0000001a jmp 00007F0FBD2FA9C1h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0DF6 second address: 72F0E2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0FBC9C126Ah 0x00000009 or al, FFFFFFA8h 0x0000000c jmp 00007F0FBC9C126Bh 0x00000011 popfd 0x00000012 mov bx, si 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 test edi, edi 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F0FBC9C1271h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0E2E second address: 72F0E96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F102D1C9222h 0x0000000f jmp 00007F0FBD2FA9BEh 0x00000014 mov eax, dword ptr [ebp-14h] 0x00000017 pushad 0x00000018 mov edx, esi 0x0000001a mov dl, ah 0x0000001c popad 0x0000001d mov ecx, esi 0x0000001f jmp 00007F0FBD2FA9C5h 0x00000024 mov dword ptr [esi+0Ch], eax 0x00000027 jmp 00007F0FBD2FA9BEh 0x0000002c mov edx, 772406ECh 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov si, dx 0x00000037 mov al, dh 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0E96 second address: 72F0ED1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, dl 0x00000005 pushfd 0x00000006 jmp 00007F0FBC9C126Ah 0x0000000b adc ecx, 5399C858h 0x00000011 jmp 00007F0FBC9C126Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a sub eax, eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F0FBC9C1272h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0ED1 second address: 72F0F59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock cmpxchg dword ptr [edx], ecx 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 call 00007F0FBD2FA9C0h 0x00000016 pop eax 0x00000017 popad 0x00000018 movsx ebx, ax 0x0000001b popad 0x0000001c pop edi 0x0000001d jmp 00007F0FBD2FA9BAh 0x00000022 test eax, eax 0x00000024 pushad 0x00000025 pushad 0x00000026 movzx eax, dx 0x00000029 push ebx 0x0000002a pop ecx 0x0000002b popad 0x0000002c mov eax, edx 0x0000002e popad 0x0000002f jne 00007F102D1C917Ch 0x00000035 pushad 0x00000036 push edx 0x00000037 mov edx, eax 0x00000039 pop ecx 0x0000003a pushfd 0x0000003b jmp 00007F0FBD2FA9C5h 0x00000040 or eax, 55DF5816h 0x00000046 jmp 00007F0FBD2FA9C1h 0x0000004b popfd 0x0000004c popad 0x0000004d mov edx, dword ptr [ebp+08h] 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0F59 second address: 72F0F6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C126Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0F6C second address: 72F0FB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi] 0x0000000b pushad 0x0000000c mov eax, 062D5BF3h 0x00000011 jmp 00007F0FBD2FA9C8h 0x00000016 popad 0x00000017 mov dword ptr [edx], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov ebx, 3ACFF710h 0x00000021 mov ch, bh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F0FB7 second address: 72F1016 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C126Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+04h] 0x0000000c jmp 00007F0FBC9C1276h 0x00000011 mov dword ptr [edx+04h], eax 0x00000014 pushad 0x00000015 mov edx, esi 0x00000017 push eax 0x00000018 push edx 0x00000019 pushfd 0x0000001a jmp 00007F0FBC9C1278h 0x0000001f jmp 00007F0FBC9C1275h 0x00000024 popfd 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F1016 second address: 72F1080 instructions: 0x00000000 rdtsc 0x00000002 call 00007F0FBD2FA9C0h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esi+08h] 0x0000000e pushad 0x0000000f mov cx, di 0x00000012 mov si, bx 0x00000015 popad 0x00000016 mov dword ptr [edx+08h], eax 0x00000019 pushad 0x0000001a call 00007F0FBD2FA9BBh 0x0000001f pushfd 0x00000020 jmp 00007F0FBD2FA9C8h 0x00000025 add ch, FFFFFFD8h 0x00000028 jmp 00007F0FBD2FA9BBh 0x0000002d popfd 0x0000002e pop ecx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F0FBD2FA9BFh 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F1080 second address: 72F109C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esi+0Ch] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d call 00007F0FBC9C126Eh 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F11B1 second address: 72F11B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F11B6 second address: 72F11E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0FBC9C1275h 0x00000009 or ecx, 2F46A0D6h 0x0000000f jmp 00007F0FBC9C1271h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F11E9 second address: 72F11F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [edx+1Ch], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F11F8 second address: 72F11FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F11FF second address: 72F122F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+20h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0FBD2FA9C7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F122F second address: 72F1237 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F1237 second address: 72F129E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [edx+20h], eax 0x0000000a pushad 0x0000000b call 00007F0FBD2FA9BAh 0x00000010 mov ah, BDh 0x00000012 pop edi 0x00000013 popad 0x00000014 mov eax, dword ptr [esi+24h] 0x00000017 jmp 00007F0FBD2FA9C9h 0x0000001c mov dword ptr [edx+24h], eax 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F0FBD2FA9BCh 0x00000026 and si, 6548h 0x0000002b jmp 00007F0FBD2FA9BBh 0x00000030 popfd 0x00000031 push ecx 0x00000032 mov bx, 06EAh 0x00000036 pop edi 0x00000037 popad 0x00000038 mov eax, dword ptr [esi+28h] 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e movzx ecx, di 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F129E second address: 72F1365 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0FBC9C126Fh 0x00000008 or ax, 603Eh 0x0000000d jmp 00007F0FBC9C1279h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 call 00007F0FBC9C1270h 0x0000001a mov ecx, 2D84C911h 0x0000001f pop esi 0x00000020 popad 0x00000021 mov dword ptr [edx+28h], eax 0x00000024 jmp 00007F0FBC9C126Dh 0x00000029 mov ecx, dword ptr [esi+2Ch] 0x0000002c pushad 0x0000002d pushad 0x0000002e mov eax, 7F8F56B9h 0x00000033 mov eax, 7145A575h 0x00000038 popad 0x00000039 call 00007F0FBC9C1272h 0x0000003e movzx esi, dx 0x00000041 pop ebx 0x00000042 popad 0x00000043 mov dword ptr [edx+2Ch], ecx 0x00000046 pushad 0x00000047 pushad 0x00000048 pushad 0x00000049 popad 0x0000004a popad 0x0000004b pushfd 0x0000004c jmp 00007F0FBC9C1270h 0x00000051 sub si, 1128h 0x00000056 jmp 00007F0FBC9C126Bh 0x0000005b popfd 0x0000005c popad 0x0000005d mov ax, word ptr [esi+30h] 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F0FBC9C1275h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F1365 second address: 72F136B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F136B second address: 72F138B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+30h], ax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0FBC9C1272h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F138B second address: 72F139F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ax, word ptr [esi+32h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F139F second address: 72F13A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F13A3 second address: 72F13A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F13A7 second address: 72F13AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F13AD second address: 72F1408 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 752Eh 0x00000007 pushfd 0x00000008 jmp 00007F0FBD2FA9BFh 0x0000000d and ah, FFFFFFDEh 0x00000010 jmp 00007F0FBD2FA9C9h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov word ptr [edx+32h], ax 0x0000001d pushad 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F0FBD2FA9BAh 0x00000025 or si, 5DD8h 0x0000002a jmp 00007F0FBD2FA9BBh 0x0000002f popfd 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F1408 second address: 72F14C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 call 00007F0FBC9C1276h 0x0000000a pushfd 0x0000000b jmp 00007F0FBC9C1272h 0x00000010 add ch, 00000068h 0x00000013 jmp 00007F0FBC9C126Bh 0x00000018 popfd 0x00000019 pop ecx 0x0000001a popad 0x0000001b mov eax, dword ptr [esi+34h] 0x0000001e jmp 00007F0FBC9C126Fh 0x00000023 mov dword ptr [edx+34h], eax 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F0FBC9C1274h 0x0000002d add eax, 65024CF8h 0x00000033 jmp 00007F0FBC9C126Bh 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007F0FBC9C1278h 0x0000003f jmp 00007F0FBC9C1275h 0x00000044 popfd 0x00000045 popad 0x00000046 test ecx, 00000700h 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F14C0 second address: 72F14C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F14C4 second address: 72F14CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F14CA second address: 72F14EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F102D1C8BEDh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F14EC second address: 72F14F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F14F0 second address: 72F150D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F150D second address: 72F15AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 mov esi, 2A0162BFh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e or dword ptr [edx+38h], FFFFFFFFh 0x00000012 pushad 0x00000013 movzx esi, dx 0x00000016 pushfd 0x00000017 jmp 00007F0FBC9C126Dh 0x0000001c jmp 00007F0FBC9C126Bh 0x00000021 popfd 0x00000022 popad 0x00000023 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000027 pushad 0x00000028 push esi 0x00000029 pushad 0x0000002a popad 0x0000002b pop edx 0x0000002c pushfd 0x0000002d jmp 00007F0FBC9C126Eh 0x00000032 jmp 00007F0FBC9C1275h 0x00000037 popfd 0x00000038 popad 0x00000039 or dword ptr [edx+40h], FFFFFFFFh 0x0000003d pushad 0x0000003e call 00007F0FBC9C126Ch 0x00000043 push esi 0x00000044 pop ebx 0x00000045 pop esi 0x00000046 mov ax, dx 0x00000049 popad 0x0000004a pop esi 0x0000004b jmp 00007F0FBC9C1279h 0x00000050 pop ebx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F0FBC9C126Dh 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7320DA5 second address: 7320DE5 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0FBD2FA9BDh 0x00000008 or esi, 45ECA3D6h 0x0000000e jmp 00007F0FBD2FA9C1h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov esi, 3C725347h 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d jmp 00007F0FBD2FA9BAh 0x00000022 mov ebp, esp 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72E0A2E second address: 72E0A83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, bh 0x00000005 pushfd 0x00000006 jmp 00007F0FBC9C1270h 0x0000000b xor ecx, 62354ED8h 0x00000011 jmp 00007F0FBC9C126Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b jmp 00007F0FBC9C1276h 0x00000020 push eax 0x00000021 pushad 0x00000022 push edi 0x00000023 movzx eax, bx 0x00000026 pop ebx 0x00000027 mov cx, 6505h 0x0000002b popad 0x0000002c xchg eax, ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72E0A83 second address: 72E0A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72E0A87 second address: 72E0AA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72E0AA4 second address: 72E0AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F0FBD2FA9C3h 0x0000000b jmp 00007F0FBD2FA9C3h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov ebp, esp 0x00000016 jmp 00007F0FBD2FA9C6h 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov dx, FFA0h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0010 second address: 72A0022 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C126Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0022 second address: 72A0048 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0FBD2FA9C0h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0048 second address: 72A004E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A06F7 second address: 72A06FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ah, bh 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A06FE second address: 72A0718 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C1276h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0718 second address: 72A0741 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0FBD2FA9C5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0741 second address: 72A0748 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0748 second address: 72A0756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0756 second address: 72A075A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A075A second address: 72A0775 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBD2FA9C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0775 second address: 72A07B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C1279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F0FBC9C126Eh 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007F0FBC9C126Dh 0x00000019 mov si, 5C27h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0B82 second address: 72A0B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0B86 second address: 72A0B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0FBC9C126Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0B99 second address: 72A0BB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBD2FA9C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0BB1 second address: 72A0BB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0BB5 second address: 72A0BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov esi, edx 0x0000000e mov bl, 19h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0BC6 second address: 72A0BFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0FBC9C126Dh 0x00000008 pop esi 0x00000009 jmp 00007F0FBC9C1271h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F0FBC9C126Dh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0BFD second address: 72A0C4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0FBD2FA9BAh 0x00000009 jmp 00007F0FBD2FA9C5h 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov ebp, esp 0x00000014 jmp 00007F0FBD2FA9BEh 0x00000019 pop ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F0FBD2FA9C7h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D0054 second address: 72D005A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D005A second address: 72D005F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D005F second address: 72D0099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0FBC9C1279h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F0FBC9C126Eh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D0099 second address: 72D009F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D009F second address: 72D00AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0FBC9C126Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D00AE second address: 72D00B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D00B2 second address: 72D00CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF0h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0FBC9C1270h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D00CF second address: 72D00D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D00D5 second address: 72D00D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D00D9 second address: 72D0113 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 44h 0x0000000b jmp 00007F0FBD2FA9C9h 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push edi 0x00000015 pop esi 0x00000016 jmp 00007F0FBD2FA9BFh 0x0000001b popad 0x0000001c rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: CB482C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: CB2062 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: EEF3B5 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1233 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1231 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1679 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1220 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1243 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 421 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 9924 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.2 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 7700 Thread sleep count: 40 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7700 Thread sleep time: -80040s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7680 Thread sleep count: 1233 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7680 Thread sleep time: -2467233s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7812 Thread sleep time: -36000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7688 Thread sleep count: 1231 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7688 Thread sleep time: -2463231s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7696 Thread sleep count: 1679 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7696 Thread sleep time: -3359679s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7676 Thread sleep count: 1220 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7676 Thread sleep time: -2441220s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7692 Thread sleep count: 1243 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7692 Thread sleep time: -2487243s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7696 Thread sleep count: 421 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7696 Thread sleep time: -842421s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4092 Thread sleep count: 9924 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4092 Thread sleep time: -992400s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4092 Thread sleep count: 75 > 30 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: Amcache.hve.19.dr Binary or memory string: VMware
Source: Amcache.hve.19.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.19.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.19.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.19.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.19.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.19.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.19.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.19.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.19.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.19.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.19.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000009.00000002.1666764511.000002427CEE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.19.dr Binary or memory string: vmci.sys
Source: Amcache.hve.19.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.19.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.19.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.19.dr Binary or memory string: VMware20,1
Source: Amcache.hve.19.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.19.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.19.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.19.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.19.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.19.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.19.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.19.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.19.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.19.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.19.dr Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Amcache.hve.19.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_00108230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 14_2_00108230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_0010116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 14_2_0010116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_00101160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 14_2_00101160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_001011A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 14_2_001011A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_001013C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 14_2_001013C9
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 14_2_6CA384D0 cpuid 14_2_6CA384D0
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.19.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.19.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.19.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.19.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.19.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected Clipboard Hijacker
Source: Yara match File source: 14.2.service123.exe.6c9b0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 5740, type: MEMORYSTR
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior

Remote Access Functionality
barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1562321 Sample: file.exe Startdate: 25/11/2024 Architecture: WINDOWS Score: 100 50 Suricata IDS alerts for network traffic 2->50 52 Antivirus / Scanner detection for submitted sample 2->52 54 Multi AV Scanner detection for submitted file 2->54 56 6 other signatures 2->56 7 file.exe 5 3 2->7         started        12 service123.exe 2->12         started        14 service123.exe 2->14         started        16 2 other processes 2->16 process3 dnsIp4 40 fvtekk5pn.top 34.116.198.130, 49699, 49745, 49756 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 7->40 42 127.0.0.1 unknown unknown 7->42 44 home.fvtekk5pn.top 7->44 36 C:\Users\user\...\unmYCIPOHmXNjqOesrEy.dll, PE32 7->36 dropped 38 C:\Users\user\AppData\...\service123.exe, PE32 7->38 dropped 64 Attempt to bypass Chrome Application-Bound Encryption 7->64 66 Tries to detect sandboxes and other dynamic analysis tools (window names) 7->66 68 Uses schtasks.exe or at.exe to add and modify task schedules 7->68 70 7 other signatures 7->70 18 service123.exe 7->18         started        21 WerFault.exe 21 16 7->21         started        24 chrome.exe 7->24         started        27 schtasks.exe 1 7->27         started        file5 signatures6 process7 dnsIp8 58 Multi AV Scanner detection for dropped file 18->58 60 Found evasive API chain (may stop execution after checking mutex) 18->60 62 Found stalling execution ending in API Sleep call 18->62 34 C:\ProgramData\Microsoft\...\Report.wer, Unicode 21->34 dropped 46 239.255.255.250 unknown Reserved 24->46 29 chrome.exe 24->29         started        32 conhost.exe 27->32         started        file9 signatures10 process11 dnsIp12 48 www.google.com 142.250.181.68, 443, 49770, 49774 GOOGLEUS United States 29->48
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
34.116.198.130
 home.fvtekk5pn.top United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
142.250.181.68
 www.google.com United States
15169 GOOGLEUS false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
home.fvtekk5pn.top 34.116.198.130 true
www.google.com 142.250.181.68 true
fvtekk5pn.top 34.116.198.130 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347 false
    		high