Edit tour

Windows Analysis Report
q3na5Mc.exe

Overview

General Information

Sample name:	q3na5Mc.exe
Analysis ID:	1627190
MD5:	b12613919e61cc2fcff6eb82ceab1d20
SHA1:	88afc6a674c6f547f0a3289c7eaa78c5dfd3ede2
SHA256:	9dd603c9bbf8690dc426ff5b50911ae982a79de4f47d96878f4debd5180e754b
Tags:	exevidaruser-aachum
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

Hides threads from debuggers

Joe Sandbox ML detected suspicious sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Browser Started with Remote Debugging

Uses 32bit PE files

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

q3na5Mc.exe (PID: 7604 cmdline: "C:\Users\user\Desktop\q3na5Mc.exe" MD5: B12613919E61CC2FCFF6EB82CEAB1D20)

chrome.exe (PID: 2076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2032,i,7998492041793815231,8922312934255648628,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1940,i,15592455425814951278,5020023877692064407,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,12500697406976344934,13105015910300287185,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2156,i,11188581121888817312,6875919620178727185,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2380,i,8001218799654449943,6623514104224635990,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2308,i,11059253417230230044,9941728646549482317,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2340,i,17985702300382429747,1130934232543567300,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=1128,i,493915582542698700,1539593171728772100,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,3525743182172609295,16950739648358668730,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2336,i,15526908829217412404,11220468948026717813,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2348,i,14290890633409597707,10078547140900380128,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2340,i,11498279678325188463,17266732332241497530,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2320,i,18283665317459919449,10696787232748000948,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1132,i,13511867980348265246,15321250391913517174,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2004,i,5438365302652956325,14598295700301456704,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: q3na5Mc.exe PID: 7604	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: q3na5Mc.exe PID: 7604	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\q3na5Mc.exe", ParentImage: C:\Users\user\Desktop\q3na5Mc.exe, ParentProcessId: 7604, ParentProcessName: q3na5Mc.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2076, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T16:11:32.443787+0100	2044247	1	Malware Command and Control Activity Detected	116.202.176.139	443	192.168.2.4	49737	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T16:11:36.342727+0100	2051831	1	Malware Command and Control Activity Detected	116.202.176.139	443	192.168.2.4	49738	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T16:11:30.706759+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49736	116.202.176.139	443	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T16:11:53.136889+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49740	116.202.176.139	443	TCP
2025-03-01T16:13:23.486547+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50026	116.202.176.139	443	TCP
2025-03-01T16:13:24.356064+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50028	116.202.176.139	443	TCP
2025-03-01T16:13:25.323159+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50030	116.202.176.139	443	TCP
2025-03-01T16:13:28.123820+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50032	116.202.176.139	443	TCP
2025-03-01T16:15:22.002570+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50086	116.202.176.139	443	TCP
2025-03-01T16:15:23.750205+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50088	116.202.176.139	443	TCP
2025-03-01T16:15:25.748943+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50089	116.202.176.139	443	TCP
2025-03-01T16:15:29.417456+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50092	116.202.176.139	443	TCP
2025-03-01T16:15:33.620624+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	50094	116.202.176.139	443	TCP

ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T16:13:24.356064+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	50028	116.202.176.139	443	TCP
2025-03-01T16:13:25.323159+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	50030	116.202.176.139	443	TCP
2025-03-01T16:13:28.123820+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	50032	116.202.176.139	443	TCP
2025-03-01T16:15:23.750205+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	50088	116.202.176.139	443	TCP
2025-03-01T16:15:25.748943+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	50089	116.202.176.139	443	TCP
2025-03-01T16:15:29.417456+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	50092	116.202.176.139	443	TCP
2025-03-01T16:15:33.620624+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	50094	116.202.176.139	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T16:11:29.289735+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.4	49735	116.202.176.139	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: q3na5Mc.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: q3na5Mc.exe	ReversingLabs: Detection: 68%
Source: q3na5Mc.exe	Virustotal: Detection: 62%			Perma Link

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: q3na5Mc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.176.139:443 -> 192.168.2.4:49734 version: TLS 1.2

Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49736 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49735 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.202.176.139:443 -> 192.168.2.4:49738
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49740 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50026 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50032 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50032 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50028 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50028 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.202.176.139:443 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50030 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50030 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50086 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50092 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50092 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50094 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50094 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50088 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50088 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50089 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50089 -> 116.202.176.139:443

Source: global traffic

HTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: z.formaxprime.co.ukConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000003.3000393249.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2999648979.00005D68031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2999538664.00005D6802580000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000008.00000003.3000393249.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2999648979.00005D68031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2999538664.00005D6802580000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000002.3207872220.00005D68024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404442798.00001D6C002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: z.formaxprime.co.uk
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----4ozm7y5x4e3ozmo8qq9hUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: z.formaxprime.co.ukContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/14231362:
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/46338
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/500788
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881http://anglebug.com/5881
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000008.00000002.3206654478.00005D680220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/68603
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208327778.00005D68025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3402742449.00001D6C0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/70476
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/74067
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3402742449.00001D6C0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724har
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760DM
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/828088
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/currents
Source: chrome.exe, 00000008.00000002.3209461585.00005D6802878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407520114.00001D6C005E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000008.00000002.3202984304.000001EAD778D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.veris
Source: q3na5Mc.exe, 00000000.00000003.4191864058.00000000057C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: q3na5Mc.exe, 00000000.00000003.4122716258.00000000056E3000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.00000000056E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownl
Source: q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: q3na5Mc.exe, 00000000.00000003.4189138607.0000000005561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6ead40f8ad445
Source: q3na5Mc.exe, 00000000.00000003.4110719780.0000000005561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f8cc52551827e
Source: q3na5Mc.exe, 00000000.00000003.4110418766.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4135820693.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabN(
Source: chrome.exe, 00000008.00000002.3206731389.00005D680225B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3402805555.00001D6C0005F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000008.00000003.3006455263.00005D6803248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006653782.00005D6803264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006310083.00005D6803238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006565461.00005D6803178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291918978.00001D6C010D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291022885.00001D6C010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3290933066.00001D6C010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291824060.00001D6C00F94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000008.00000003.3006492313.00005D6803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006455263.00005D6803248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008467057.00005D6803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007867058.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007842090.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008254332.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006653782.00005D6803264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D68026A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007919847.00005D68031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008555480.00005D6803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207918418.00005D68024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006310083.00005D6803238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007804858.00005D6802ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006565461.00005D6803178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293312049.00001D6C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293341583.00001D6C009D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291918978.00001D6C010D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291022885.00001D6C010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3290933066.00001D6C010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294322574.00001D6C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294718084.00001D6C0120C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000008.00000003.3006492313.00005D6803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006455263.00005D6803248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008467057.00005D6803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007867058.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007842090.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008254332.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006653782.00005D6803264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D68026A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007919847.00005D68031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008555480.00005D6803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207918418.00005D68024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006310083.00005D6803238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007804858.00005D6802ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006565461.00005D6803178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293312049.00001D6C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293341583.00001D6C009D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291918978.00001D6C010D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291022885.00001D6C010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3290933066.00001D6C010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294322574.00001D6C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294718084.00001D6C0120C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000008.00000003.3006492313.00005D6803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006455263.00005D6803248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008467057.00005D6803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007867058.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007842090.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008254332.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006653782.00005D6803264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D68026A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007919847.00005D68031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008555480.00005D6803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207918418.00005D68024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006310083.00005D6803238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007804858.00005D6802ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006565461.00005D6803178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293312049.00001D6C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293341583.00001D6C009D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291918978.00001D6C010D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291022885.00001D6C010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3290933066.00001D6C010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294322574.00001D6C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294718084.00001D6C0120C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000008.00000003.3006492313.00005D6803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006455263.00005D6803248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008467057.00005D6803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007867058.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007842090.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008254332.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006653782.00005D6803264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D68026A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007919847.00005D68031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008555480.00005D6803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207918418.00005D68024FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006310083.00005D6803238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007804858.00005D6802ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3006565461.00005D6803178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293312049.00001D6C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293341583.00001D6C009D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291918978.00001D6C010D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291022885.00001D6C010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3290933066.00001D6C010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294322574.00001D6C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294718084.00001D6C0120C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 0000000D.00000002.3410720087.00001D6C00AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000008.00000002.3210853803.00005D6802BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409881004.00001D6C00944000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000008.00000002.3210853803.00005D6802BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410047423.00001D6C009A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000008.00000002.3210853803.00005D6802BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410047423.00001D6C009A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/a
Source: chrome.exe, 0000000D.00000002.3410720087.00001D6C00AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/update2/response
Source: chrome.exe, 00000008.00000002.3210934601.00005D6802C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410192753.00001D6C009E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: q3na5Mc.exe, 00000000.00000003.2964917986.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4136545718.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4134071497.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2950948397.0000000005702000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000008.00000002.3206900652.00005D680228C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403029986.00001D6C0008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000008.00000002.3211794564.00005D6802EB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208327778.00005D68025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3412028875.00001D6C00CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409007604.00001D6C007D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3405618966.00001D6C003C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3412028875.00001D6C00CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3402742449.00001D6C0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000008.00000002.3206969125.00005D68022A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403168495.00001D6C000A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000008.00000002.3206969125.00005D68022A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403168495.00001D6C000A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000008.00000002.3206969125.00005D68022A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403168495.00001D6C000A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000008.00000002.3206900652.00005D680228C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403029986.00001D6C0008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000008.00000002.3211794564.00005D6802EB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208327778.00005D68025B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comh
Source: chrome.exe, 0000000D.00000002.3405618966.00001D6C003C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.coml
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208622184.00005D6802690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/73692
Source: chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000008.00000003.2991387060.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994791281.00005D6802580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2994833571.00005D6802A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067380845.00001150025B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3068350559.000011500260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3286000987.00001D6C00674000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410763900.00001D6C00AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3282107064.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3285933494.00001D6C0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312499134.00004CF8003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000008.00000002.3209319554.00005D6802848000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes
Source: q3na5Mc.exe, 00000000.00000003.4110418766.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4234220155.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4154183543.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3278514628.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3273149475.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4135820693.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: q3na5Mc.exe, 00000000.00000003.4110418766.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4234220155.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4154183543.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3278514628.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3273149475.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4135820693.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: chrome.exe, 00000008.00000002.3208843967.00005D68026F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209848229.00005D680293C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406373630.00001D6C004B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3416722196.00001D6C01114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408247648.00001D6C006F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions0
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411475277.00001D6C00C5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icoeb
Source: q3na5Mc.exe, 00000000.00000003.2964917986.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4136545718.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4134071497.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2950948397.0000000005702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000008.00000002.3211644794.00005D6802E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000008.00000002.3211644794.00005D6802E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: q3na5Mc.exe, 00000000.00000003.2964917986.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4136545718.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4134071497.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2950948397.0000000005702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000008.00000002.3211399101.00005D6802D94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411062811.00001D6C00BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000008.00000002.3211399101.00005D6802D94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411062811.00001D6C00BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000008.00000002.3211399101.00005D6802D94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411062811.00001D6C00BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: q3na5Mc.exe, 00000000.00000003.2964917986.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4136545718.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4134071497.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2950948397.0000000005702000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210853803.00005D6802BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407682305.00001D6C00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 0000000D.00000002.3403417924.00001D6C00124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.gR
Source: chrome.exe, 0000000D.00000003.3287507624.00001D6C00D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3482899466.00004CF800020000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407520114.00001D6C005E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212526860.00005D6803018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210934601.00005D6802C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210708454.00005D6802B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3415200605.00001D6C00FD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3413529647.00001D6C00E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410192753.00001D6C009E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409881004.00001D6C00944000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000008.00000002.3210934601.00005D6802C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enP
Source: chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enoxl
Source: chrome.exe, 00000008.00000002.3210934601.00005D6802C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enpH;
Source: chrome.exe, 00000008.00000003.2995532291.00005D6802F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2997440881.00005D6802F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008132036.00005D6802ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211874800.00005D6802EE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2995442168.00005D6802ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211848560.00005D6802EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3007713693.00005D6802EE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2997797165.00005D6802F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3412292704.00001D6C00D1F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3291972743.00001D6C00D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294578429.00001D6C00338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3288183738.00001D6C00D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404735139.00001D6C00318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3412388007.00001D6C00D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3287456457.00001D6C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409428271.00001D6C0087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3416217444.00001D6C0107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3289286406.00001D6C00D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3288088784.00001D6C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294658884.00001D6C00D50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3287507624.00001D6C00D50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000D.00000002.3407520114.00001D6C005E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorel
Source: chrome.exe, 00000008.00000002.3199989059.0000007C0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107337308.000028300078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422292926.000074600078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000008.00000002.3199989059.0000007C0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107337308.000028300078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422292926.000074600078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000008.00000002.3199989059.0000007C0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2978110474.0000007C00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107337308.000028300078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042993836.0000283000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422292926.000074600078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252655143.0000746000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3307611519.0000339800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000008.00000002.3206654478.00005D680220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3105032953.000011500238C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403707574.00001D6C0018C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3482899466.00004CF800020000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000008.00000002.3211729790.00005D6802E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411902177.00001D6C00CD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 0000000B.00000002.3103341895.000002AB7A749000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/repo
Source: chrome.exe, 00000008.00000003.2968399086.00006A1C002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2968382211.00006A1C002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3040678611.00001F1C002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3040701600.00001F1C002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3246573253.00007D14002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3246539903.00007D14002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3305451719.00001164002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3305426329.00001164002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.3374235824.00000ADC002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 0000000D.00000002.3403224567.00001D6C000D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 00000008.00000002.3209319554.00005D6802848000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3206654478.00005D680220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209426523.00005D6802868000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2985409955.00005D680269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209613442.00005D68028C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209651337.00005D68028D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211644794.00005D6802E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3104395930.0000115002240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408139475.00001D6C006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407989713.00001D6C0066C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407682305.00001D6C00618000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3402742449.00001D6C0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3482954564.00004CF800040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.3453070619.000079E402240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 0000000D.00000002.3397007340.000000A4BC7FD000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxI&)
Source: chrome.exe, 00000008.00000002.3210853803.00005D6802BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409881004.00001D6C00944000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000008.00000002.3210853803.00005D6802BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409881004.00001D6C00944000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000008.00000002.3209848229.00005D680293C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408247648.00001D6C006F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000008.00000003.2994315367.00005D6802678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407520114.00001D6C005E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: q3na5Mc.exe, 00000000.00000003.4110418766.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4234220155.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4154183543.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3278514628.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3273149475.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4135820693.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: q3na5Mc.exe, 00000000.00000003.4110418766.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4234220155.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4154183543.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3278514628.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3273149475.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4135820693.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 0000000D.00000002.3409277840.00001D6C00844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
Source: chrome.exe, 0000000D.00000002.3409277840.00001D6C00844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1Cross-Origin-Opener-Policy:
Source: chrome.exe, 0000000D.00000002.3409277840.00001D6C00844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1rj
Source: chrome.exe, 0000000D.00000002.3409277840.00001D6C00844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/cdt1
Source: chrome.exe, 0000000D.00000002.3410510514.00001D6C00A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 00000008.00000002.3208077855.00005D680251C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404735139.00001D6C00318000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000008.00000002.3207872220.00005D68024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404442798.00001D6C002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.3210103236.00005D68029D1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210217771.00005D6802A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211761911.00005D6802E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411902177.00001D6C00CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.3210103236.00005D68029D1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210217771.00005D6802A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211761911.00005D6802E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411827419.00001D6C00CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.3210103236.00005D68029D1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210217771.00005D6802A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211761911.00005D6802E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411827419.00001D6C00CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000008.00000002.3207872220.00005D68024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404442798.00001D6C002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.3208843967.00005D68026F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209848229.00005D680293C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406373630.00001D6C004B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3416722196.00001D6C01114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408247648.00001D6C006F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000008.00000002.3207872220.00005D68024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404442798.00001D6C002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.3208843967.00005D68026F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3213374992.00005D680322C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209848229.00005D680293C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406373630.00001D6C004B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3416722196.00001D6C01114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408247648.00001D6C006F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000008.00000002.3208077855.00005D680251C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404735139.00001D6C00318000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000008.00000002.3208077855.00005D680251C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404735139.00001D6C00318000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 0000000D.00000003.3293645135.00001D6C00E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 0000000D.00000003.3281527868.00001D6C0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208258069.00005D6802594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3405363432.00001D6C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408810617.00001D6C00790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.3211644794.00005D6802E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000008.00000002.3206654478.00005D680220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000008.00000002.3209240735.00005D680280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: q3na5Mc.exe, 00000000.00000003.2964917986.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4136545718.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4134071497.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2950948397.0000000005702000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210343563.00005D6802A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000008.00000002.3210245052.00005D6802A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411752204.00001D6C00CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: q3na5Mc.exe, 00000000.00000003.2964917986.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4136545718.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4134071497.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2950948397.0000000005702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 0000000F.00000003.3307611519.0000339800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000008.00000003.2978110474.0000007C00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252655143.0000746000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3307611519.0000339800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
Source: chrome.exe, 0000000B.00000003.3042993836.0000283000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj0(
Source: chrome.exe, 00000008.00000002.3199989059.0000007C0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2978110474.0000007C00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107337308.000028300078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042993836.0000283000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422292926.000074600078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252655143.0000746000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3307611519.0000339800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000008.00000003.2978110474.0000007C00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042993836.0000283000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252655143.0000746000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3307611519.0000339800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 0000000F.00000003.3307611519.0000339800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3206695075.00005D6802230000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3402692660.00001D6C0000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000008.00000002.3209319554.00005D6802848000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407520114.00001D6C005E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000008.00000002.3211670689.00005D6802E58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104explicitlyCastMediumpFloatTo16Bit
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 0000000F.00000003.3314029027.00004CF80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000008.00000002.3210103236.00005D68029D1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210217771.00005D6802A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210964341.00005D6802C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411902177.00001D6C00CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000008.00000002.3210103236.00005D68029D1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210217771.00005D6802A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210964341.00005D6802C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411902177.00001D6C00CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000008.00000003.3020704196.00005D680316C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/
Source: chrome.exe, 00000015.00000002.3567148266.00000BB800237000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000015.00000002.3567148266.00000BB800237000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 0000000B.00000002.3106372294.0000283000238000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard(0$
Source: chrome.exe, 0000000B.00000002.3107274501.0000283000770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard(0wZ
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 0000000F.00000002.3479730634.0000339800237000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481104826.0000339800770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard3
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000008.00000002.3199801930.0000007C00770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107274501.0000283000770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422194847.0000746000770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481104826.0000339800770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 0000000D.00000002.3420592200.0000746000237000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422194847.0000746000770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardt
Source: chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 0000000D.00000002.3408038028.00001D6C00688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source
Source: chrome.exe, 00000008.00000002.3208515833.00005D680260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028460765.00005D6803590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000008.00000003.3008467057.00005D6803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008254332.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008555480.00005D6803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294322574.00001D6C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294718084.00001D6C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293645135.00001D6C00E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000008.00000003.3008467057.00005D6803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008254332.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008555480.00005D6803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294322574.00001D6C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294718084.00001D6C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293645135.00001D6C00E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000008.00000002.3200354019.0000007C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973138344.0000007C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2973942906.0000007C0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3042110179.0000283000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067020960.000028300080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422548294.000074600080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3252198918.000074600039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3251886392.0000746000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306529117.0000339800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 0000000F.00000003.3308284359.00003398006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481057687.0000339800744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000F.00000003.3306761275.000033980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000008.00000002.3199989059.0000007C0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107337308.000028300078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422292926.000074600078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000008.00000002.3199989059.0000007C0078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107337308.000028300078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422292926.000074600078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481201214.000033980078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000008.00000002.3199687522.0000007C00744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000002.3107245678.0000283000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3422146792.0000746000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3481057687.0000339800744000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000008.00000002.3208114874.00005D6802530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3020799373.00005D6803084000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3279434077.00001D6C001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3311088242.00004CF8001C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207079318.00005D68022EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403313042.00001D6C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 0000000D.00000002.3408038028.00001D6C00688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab
Source: chrome.exe, 00000008.00000002.3208515833.00005D680260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028460765.00005D6803590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207079318.00005D68022EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403313042.00001D6C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207079318.00005D68022EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403313042.00001D6C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207079318.00005D68022EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208258069.00005D6802594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403313042.00001D6C000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3405363432.00001D6C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.3208843967.00005D68026F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209848229.00005D680293C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406373630.00001D6C004B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3416722196.00001D6C01114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408247648.00001D6C006F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000008.00000002.3210075853.00005D68029B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212865195.00005D68030C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208696122.00005D68026A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210708454.00005D6802B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406018179.00001D6C00448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409277840.00001D6C00844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3414799799.00001D6C00F74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000008.00000002.3210075853.00005D68029B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212865195.00005D68030C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208696122.00005D68026A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407682305.00001D6C00618000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406018179.00001D6C00448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409277840.00001D6C00844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000008.00000002.3212865195.00005D68030C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 0000000D.00000002.3408247648.00001D6C006F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409277840.00001D6C00844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000008.00000002.3210767028.00005D6802BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210708454.00005D6802BAB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409941410.00001D6C0097F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409881004.00001D6C00944000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000008.00000002.3214041562.00005D68035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 0000000D.00000002.3410816368.00001D6C00AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3418442639.00001D6C011E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000008.00000002.3214041562.00005D68035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000008.00000002.3214041562.00005D68035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000008.00000002.3211163163.00005D6802CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211590169.00005D6802E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212348074.00005D6802FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2995691901.00005D6802E34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000008.00000003.2996263283.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212409004.00005D6802FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212379212.00005D6802FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212348074.00005D6802FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000008.00000002.3211163163.00005D6802CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211590169.00005D6802E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2995691901.00005D6802E34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000008.00000003.2996263283.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211590169.00005D6802E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207872220.00005D68024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212348074.00005D6802FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2995691901.00005D6802E34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211590169.00005D6802E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3207872220.00005D68024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2995691901.00005D6802E34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000008.00000003.2996263283.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211590169.00005D6802E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212348074.00005D6802FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2995691901.00005D6802E34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000008.00000003.2996263283.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212379212.00005D6802FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212348074.00005D6802FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000008.00000003.2996263283.00005D680297C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212314300.00005D6802FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212379212.00005D6802FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211590169.00005D6802E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3212348074.00005D6802FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.2995691901.00005D6802E34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000008.00000002.3210767028.00005D6802BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210708454.00005D6802BAB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409941410.00001D6C0097F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409881004.00001D6C00944000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000008.00000003.3008467057.00005D6803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008254332.00005D6802630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3008555480.00005D6803438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294322574.00001D6C01140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3294718084.00001D6C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3293645135.00001D6C00E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 0000000D.00000002.3409881004.00001D6C00944000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000011.00000002.3454730895.000079E402394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 0000000F.00000002.3483257587.00004CF80008C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingL
Source: chrome.exe, 00000011.00000002.3454730895.000079E402394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000008.00000002.3210103236.00005D68029D1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210217771.00005D6802A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211761911.00005D6802E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411902177.00001D6C00CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.3210103236.00005D68029D1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210217771.00005D6802A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211761911.00005D6802E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411902177.00001D6C00CD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408903929.00001D6C0079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000008.00000002.3208515833.00005D680260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028460765.00005D6803590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: q3na5Mc.exe, 00000000.00000003.1728175986.00000000047F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199829660832
Source: q3na5Mc.exe, 00000000.00000003.1728175986.00000000047F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199829660832ir7amMozilla/5.0
Source: q3na5Mc.exe, 00000000.00000003.4190178091.0000000005679000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: q3na5Mc.exe, 00000000.00000003.2931479832.0000000005654000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: q3na5Mc.exe, 00000000.00000003.4190178091.0000000005679000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: q3na5Mc.exe, 00000000.00000003.2931479832.0000000005654000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: q3na5Mc.exe, 00000000.00000003.1756570624.0000000000A64000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1791511059.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1756618830.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/l793oy
Source: q3na5Mc.exe, 00000000.00000003.1756570624.0000000000A64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/l793oy=A
Source: q3na5Mc.exe, 00000000.00000003.1728175986.00000000047F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/l793oyir7amMozilla/5.0
Source: chrome.exe, 00000008.00000002.3210934601.00005D6802C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410192753.00001D6C009E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: q3na5Mc.exe, 00000000.00000003.1756570624.0000000000A64000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1756618830.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: q3na5Mc.exe, 00000000.00000003.4110418766.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4234220155.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4154183543.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3278514628.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3273149475.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4135820693.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: q3na5Mc.exe, 00000000.00000003.2964917986.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4136545718.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4113232548.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4134071497.0000000005702000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2950948397.0000000005702000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408082434.00001D6C00698000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411475277.00001D6C00C5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411475277.00001D6C00C5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411475277.00001D6C00C5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: q3na5Mc.exe, 00000000.00000003.4110418766.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4234220155.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4154183543.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3278514628.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.3273149475.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4135820693.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.4192243677.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: chrome.exe, 00000008.00000003.3006702494.00005D68024A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3417315063.00001D6C01198000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 0000000D.00000003.3287507624.00001D6C00D50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000008.00000002.3210245052.00005D6802A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211484849.00005D6802DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411400193.00001D6C00C28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409007604.00001D6C007D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000008.00000002.3213438658.00005D68032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411475277.00001D6C00C5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 0000000D.00000002.3414945407.00001D6C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3416722196.00001D6C01114000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Source: chrome.exe, 0000000D.00000002.3414945407.00001D6C00FC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0#
Source: chrome.exe, 00000008.00000002.3213499801.00005D68032D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3416722196.00001D6C01114000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 0000000D.00000002.3416722196.00001D6C01114000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promosl
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210651544.00005D6802B6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209695431.00005D6802900000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210343563.00005D6802A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3415200605.00001D6C00FD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409789603.00001D6C00918000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000008.00000002.3207545632.00005D68023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210651544.00005D6802B6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209695431.00005D6802900000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3210343563.00005D6802A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3415200605.00001D6C00FD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3403928075.00001D6C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3409789603.00001D6C00918000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408953046.00001D6C007AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000008.00000002.3208843967.00005D68026F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209848229.00005D680293C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3411199891.00001D6C00BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406373630.00001D6C004B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408247648.00001D6C006F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3407171484.00001D6C00584000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000008.00000002.3209095028.00005D68027B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoh
Source: chrome.exe, 0000000D.00000002.3411199891.00001D6C00BE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icostate
Source: chrome.exe, 00000008.00000002.3211450338.00005D6802DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icowait).
Source: chrome.exe, 0000000D.00000002.3408038028.00001D6C00688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl
Source: chrome.exe, 00000008.00000002.3208515833.00005D680260C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028460765.00005D6803590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 0000000D.00000003.3293645135.00001D6C00E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000008.00000002.3210991635.00005D6802C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3410192753.00001D6C009E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000008.00000003.3006702494.00005D68024A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000008.00000002.3206654478.00005D680220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3402742449.00001D6C0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000008.00000002.3207621484.00005D680240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067420058.000011500245C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067511945.0000115002464000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000B.00000003.3067454476.0000115002460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404032732.00001D6C0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312551340.00004CF80025C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312767594.00004CF800264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.3312677908.00004CF800260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3417315063.00001D6C01198000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 0000000D.00000003.3295512763.00001D6C00294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3417315063.00001D6C01198000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000008.00000002.3208732249.00005D68026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3406120831.00001D6C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000008.00000003.3024036466.00005D68035C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3024136852.00005D6803574000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3024011827.00005D6803238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3214074928.00005D68035C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028460765.00005D6803590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000008.00000002.3214041562.00005D68035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3211565327.00005D6802E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ewNYOTtoM3M.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000008.00000002.3214041562.00005D68035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3028522658.00005D6803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.3022639399.00005D680363C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.D8RxnyMyyQs.L.W.O/m=qmd
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000008.00000002.3207872220.00005D68024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.3209905644.00005D6802972000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3404442798.00001D6C002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C00722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: q3na5Mc.exe, 00000000.00000003.1756618830.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk
Source: q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/
Source: q3na5Mc.exe, 00000000.00000003.1777799515.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/$
Source: q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/-
Source: q3na5Mc.exe, 00000000.00000003.1777799515.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/2
Source: q3na5Mc.exe, 00000000.00000003.1777799515.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/5
Source: q3na5Mc.exe, 00000000.00000003.1777799515.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/7
Source: q3na5Mc.exe, 00000000.00000003.1777799515.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/My
Source: q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/Z
Source: q3na5Mc.exe, 00000000.00000003.2085699434.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777799515.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/d
Source: q3na5Mc.exe, 00000000.00000003.2920082661.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/g
Source: q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/l
Source: q3na5Mc.exe, 00000000.00000003.2085699434.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777799515.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1777688911.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.2920082661.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/o
Source: q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/ontent-Disposition:
Source: q3na5Mc.exe, 00000000.00000003.2920082661.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/s92o4p.default-release
Source: q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, q3na5Mc.exe, 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/t
Source: q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/w3
Source: q3na5Mc.exe, 00000000.00000003.1791528888.0000000000A61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/xprime.co.uk/l
Source: q3na5Mc.exe, 00000000.00000003.2920082661.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk5

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.176.139:443 -> 192.168.2.4:49734 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: q3na5Mc.exe	Static PE information: section name:
Source: q3na5Mc.exe	Static PE information: section name: .idata
Source: q3na5Mc.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\q3na5Mc.exe

Process Stats: CPU usage > 49%

Source: q3na5Mc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: q3na5Mc.exe	Static PE information: Section: ZLIB complexity 0.9984772245762712
Source: q3na5Mc.exe	Static PE information: Section: aclspuwz ZLIB complexity 0.9949096393808547

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@117/17@14/8

Source: C:\Users\user\Desktop\q3na5Mc.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4AQGYMCR.htm

Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000008.00000002.3209536980.00005D68028B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.3408401739.00001D6C0071C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: q3na5Mc.exe, 00000000.00000003.2942796453.000000000575D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: q3na5Mc.exe	ReversingLabs: Detection: 68%
Source: q3na5Mc.exe	Virustotal: Detection: 62%

Source: unknown	Process created: C:\Users\user\Desktop\q3na5Mc.exe "C:\Users\user\Desktop\q3na5Mc.exe"
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2032,i,7998492041793815231,8922312934255648628,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1940,i,15592455425814951278,5020023877692064407,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,12500697406976344934,13105015910300287185,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2156,i,11188581121888817312,6875919620178727185,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2380,i,8001218799654449943,6623514104224635990,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2308,i,11059253417230230044,9941728646549482317,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2340,i,17985702300382429747,1130934232543567300,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=1128,i,493915582542698700,1539593171728772100,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,3525743182172609295,16950739648358668730,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2336,i,15526908829217412404,11220468948026717813,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2348,i,14290890633409597707,10078547140900380128,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2340,i,11498279678325188463,17266732332241497530,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2320,i,18283665317459919449,10696787232748000948,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1132,i,13511867980348265246,15321250391913517174,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2004,i,5438365302652956325,14598295700301456704,262144 /prefetch:8
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2032,i,7998492041793815231,8922312934255648628,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1940,i,15592455425814951278,5020023877692064407,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,12500697406976344934,13105015910300287185,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2156,i,11188581121888817312,6875919620178727185,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2380,i,8001218799654449943,6623514104224635990,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2308,i,11059253417230230044,9941728646549482317,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2340,i,17985702300382429747,1130934232543567300,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=1128,i,493915582542698700,1539593171728772100,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,3525743182172609295,16950739648358668730,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2336,i,15526908829217412404,11220468948026717813,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2348,i,14290890633409597707,10078547140900380128,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2340,i,11498279678325188463,17266732332241497530,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2320,i,18283665317459919449,10696787232748000948,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1132,i,13511867980348265246,15321250391913517174,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2004,i,5438365302652956325,14598295700301456704,262144 /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Section loaded: cabinet.dll	Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: q3na5Mc.exe

Static file information: File size 1825280 > 1048576

Source: q3na5Mc.exe

Static PE information: Raw size of aclspuwz is bigger than: 0x100000 < 0x1ab000

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: q3na5Mc.exe

Static PE information: real checksum: 0x1c39f9 should be: 0x1c2fea

Source: q3na5Mc.exe	Static PE information: section name:
Source: q3na5Mc.exe	Static PE information: section name: .idata
Source: q3na5Mc.exe	Static PE information: section name:
Source: q3na5Mc.exe	Static PE information: section name: aclspuwz
Source: q3na5Mc.exe	Static PE information: section name: zmxyesdg
Source: q3na5Mc.exe	Static PE information: section name: .taggant

Source: q3na5Mc.exe	Static PE information: section name: entropy: 7.977482101979581
Source: q3na5Mc.exe	Static PE information: section name: aclspuwz entropy: 7.954255599915726

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59E8A1 second address: 59E8A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59E8A7 second address: 59E8B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59E8B5 second address: 59E8CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F56545025ADh 0x00000008 ja 00007F56545025A6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5A8360 second address: 5A8365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5A84F1 second address: 5A84F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5A84F7 second address: 5A84FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5A8660 second address: 5A8687 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F56545025BDh 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F56545025A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC6B1 second address: 5AC6B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC6FF second address: 5AC709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F56545025A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC709 second address: 5AC70D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC70D second address: 5AC776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+137B2C45h] 0x00000011 push 00000000h 0x00000013 mov dword ptr [ebp+137B1A44h], edx 0x00000019 jmp 00007F56545025AAh 0x0000001e call 00007F56545025A9h 0x00000023 pushad 0x00000024 jmp 00007F56545025AAh 0x00000029 push edx 0x0000002a push ecx 0x0000002b pop ecx 0x0000002c pop edx 0x0000002d popad 0x0000002e push eax 0x0000002f jo 00007F56545025AAh 0x00000035 push ebx 0x00000036 pushad 0x00000037 popad 0x00000038 pop ebx 0x00000039 mov eax, dword ptr [esp+04h] 0x0000003d jmp 00007F56545025B2h 0x00000042 mov eax, dword ptr [eax] 0x00000044 jne 00007F56545025B4h 0x0000004a push eax 0x0000004b push edx 0x0000004c push edx 0x0000004d pop edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC776 second address: 5AC77A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC77A second address: 5AC79E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F56545025B8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC79E second address: 5AC7A8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F565542894Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC7A8 second address: 5AC850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov si, A761h 0x0000000b push 00000003h 0x0000000d stc 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+137B1ADEh], ebx 0x00000016 push 00000003h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F56545025A8h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 call 00007F56545025AEh 0x00000037 mov edx, dword ptr [ebp+137B18B3h] 0x0000003d pop edx 0x0000003e jmp 00007F56545025B6h 0x00000043 call 00007F56545025A9h 0x00000048 jl 00007F56545025CEh 0x0000004e pushad 0x0000004f jmp 00007F56545025B7h 0x00000054 jmp 00007F56545025AFh 0x00000059 popad 0x0000005a push eax 0x0000005b jng 00007F56545025AEh 0x00000061 push esi 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC850 second address: 5AC8E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jno 00007F5655428962h 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007F565542894Eh 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a pushad 0x0000001b jne 00007F5655428948h 0x00000021 jmp 00007F5655428957h 0x00000026 popad 0x00000027 pop eax 0x00000028 mov di, 8AD4h 0x0000002c lea ebx, dword ptr [ebp+13933608h] 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007F5655428948h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 0000001Dh 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push esi 0x00000050 push ecx 0x00000051 pop ecx 0x00000052 pop esi 0x00000053 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC9A6 second address: 5AC9F4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 28BD537Dh 0x0000000f pushad 0x00000010 mov ecx, edi 0x00000012 jmp 00007F56545025B4h 0x00000017 popad 0x00000018 push 00000003h 0x0000001a or edx, dword ptr [ebp+137B2AE5h] 0x00000020 push 00000000h 0x00000022 mov dword ptr [ebp+137B1933h], eax 0x00000028 push 00000003h 0x0000002a mov dword ptr [ebp+137B1ADEh], eax 0x00000030 call 00007F56545025A9h 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a pop eax 0x0000003b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC9F4 second address: 5AC9FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5AC9FA second address: 5ACA00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA00 second address: 5ACA1C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5655428950h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA1C second address: 5ACA3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e jmp 00007F56545025B3h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA3E second address: 5ACA48 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F565542894Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA48 second address: 5ACA55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA55 second address: 5ACA5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA5A second address: 5ACA60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA60 second address: 5ACA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA64 second address: 5ACA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA68 second address: 5ACA8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5655428956h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACA8D second address: 5ACADD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F56545025ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F56545025B6h 0x0000000e popad 0x0000000f pop eax 0x00000010 xor cx, F6BAh 0x00000015 mov edi, 6D523E5Bh 0x0000001a lea ebx, dword ptr [ebp+13933611h] 0x00000020 mov dword ptr [ebp+137B1953h], edi 0x00000026 push eax 0x00000027 mov edi, dword ptr [ebp+137B2A5Dh] 0x0000002d pop esi 0x0000002e xchg eax, ebx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 push eax 0x00000035 pop eax 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACADD second address: 5ACAFF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F5655428956h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACB51 second address: 5ACBDA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F56545025A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F56545025A8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 or edi, dword ptr [ebp+137B2C61h] 0x0000002b call 00007F56545025B3h 0x00000030 jnc 00007F56545025ACh 0x00000036 pop edi 0x00000037 push 00000000h 0x00000039 jmp 00007F56545025B7h 0x0000003e call 00007F56545025A9h 0x00000043 pushad 0x00000044 jne 00007F56545025ACh 0x0000004a jno 00007F56545025A6h 0x00000050 push eax 0x00000051 push edx 0x00000052 push ecx 0x00000053 pop ecx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACBDA second address: 5ACBEB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5655428946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACBEB second address: 5ACC26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push esi 0x0000000d jo 00007F56545025A6h 0x00000013 pop esi 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a popad 0x0000001b mov eax, dword ptr [eax] 0x0000001d jmp 00007F56545025B0h 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jc 00007F56545025A8h 0x0000002e push eax 0x0000002f pop eax 0x00000030 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACC26 second address: 5ACC2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACC2C second address: 5ACC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5ACCF0 second address: 5ACD02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jbe 00007F5655428946h 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push ebx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5BD5B0 second address: 5BD5C2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jbe 00007F56545025A6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5BD5C2 second address: 5BD5CB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CD7CA second address: 5CD7EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F56545025B7h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CD7EA second address: 5CD804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F565542894Dh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CD804 second address: 5CD80A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CD80A second address: 5CD82D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5655428946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5655428959h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CD82D second address: 5CD833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CD833 second address: 5CD84F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565534EB98h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59B2AC second address: 59B2C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ecx 0x00000008 jne 00007F5654C27966h 0x0000000e pop ecx 0x0000000f je 00007F5654C27968h 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59B2C9 second address: 59B303 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F565534EB86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jnc 00007F565534EB86h 0x00000011 jmp 00007F565534EB90h 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F565534EB94h 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CB717 second address: 5CB71B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CBB83 second address: 5CBB89 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CBB89 second address: 5CBB8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CBB8F second address: 5CBB9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CC0BB second address: 5CC0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CC0C4 second address: 5CC0C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CC0C8 second address: 5CC0CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CC6AA second address: 5CC6B4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F565534EB86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CC6B4 second address: 5CC6B9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59456A second address: 59456E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59456E second address: 59457E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5654C27966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59457E second address: 594584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 594584 second address: 59459C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5654C27972h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CC955 second address: 5CC991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565534EB99h 0x00000008 jmp 00007F565534EB8Dh 0x0000000d pushad 0x0000000e popad 0x0000000f jnp 00007F565534EB86h 0x00000015 popad 0x00000016 jg 00007F565534EB8Eh 0x0000001c push edx 0x0000001d pop edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CCF62 second address: 5CCF68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CCF68 second address: 5CCF79 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jc 00007F565534EB86h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CCF79 second address: 5CCF84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CCF84 second address: 5CCF8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CCF8A second address: 5CCFA2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5654C2796Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CCFA2 second address: 5CCFA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5CD0FE second address: 5CD147 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b push ecx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F5654C27975h 0x00000013 pop ecx 0x00000014 push esi 0x00000015 pushad 0x00000016 popad 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F5654C2796Bh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5D7CD1 second address: 5D7CE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5D8578 second address: 5D8582 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5654C27966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DBDBA second address: 5DBDBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DBDBE second address: 5DBDDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F5654C2796Ch 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop edi 0x0000000f popad 0x00000010 jnp 00007F5654C27972h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DB67D second address: 5DB697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F565534EB86h 0x0000000a popad 0x0000000b jmp 00007F565534EB8Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DB697 second address: 5DB6A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DB6A0 second address: 5DB6A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DB94E second address: 5DB95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F5654C27972h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DB95B second address: 5DB961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF332 second address: 5DF337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF337 second address: 5DF353 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565534EB97h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF392 second address: 5DF3B2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5654C27966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xor dword ptr [esp], 09DE7400h 0x00000012 call 00007F5654C27969h 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF887 second address: 5DF8A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB96h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF8A1 second address: 5DF8A6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E015A second address: 5E0160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E0160 second address: 5E0164 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E0319 second address: 5E031F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E031F second address: 5E0328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E055C second address: 5E0561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E0561 second address: 5E057F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5654C2796Ah 0x00000008 jns 00007F5654C27966h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 xchg eax, ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pushad 0x00000017 popad 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E141D second address: 5E1424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E1270 second address: 5E1274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E1424 second address: 5E142E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F565534EB8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E1274 second address: 5E1278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E1278 second address: 5E127E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E1C16 second address: 5E1C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E127E second address: 5E1298 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565534EB95h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E2449 second address: 5E244D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E508C second address: 5E5096 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F565534EB86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E42D4 second address: 5E42D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E6FD3 second address: 5E6FD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E6FD7 second address: 5E6FDD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E6FDD second address: 5E6FE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F565534EB86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E6FE7 second address: 5E6FEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E7526 second address: 5E754A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F565534EB8Dh 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jng 00007F565534EB86h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E754A second address: 5E7594 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F5654C2796Ch 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov edi, dword ptr [ebp+137B2B1Dh] 0x00000012 mov edi, dword ptr [ebp+137B18B3h] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b jc 00007F5654C27967h 0x00000021 cmc 0x00000022 pop edi 0x00000023 push 00000000h 0x00000025 jbe 00007F5654C2796Ch 0x0000002b movzx edi, di 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jno 00007F5654C2796Ch 0x00000037 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5EA77F second address: 5EA783 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E6237 second address: 5E624C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E624C second address: 5E6267 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jno 00007F565534EB8Ch 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E8868 second address: 5E8880 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5654C27966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F5654C27968h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5EEDCC second address: 5EEDD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E8880 second address: 5E8886 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E76FD second address: 5E7714 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push ebx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E9828 second address: 5E9832 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5654C27966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E9832 second address: 5E983C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F565534EB86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F29EE second address: 5F29FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F29FF second address: 5F2A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5EFC76 second address: 5EFC86 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5654C27966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F3932 second address: 5F393C instructions: 0x00000000 rdtsc 0x00000002 js 00007F565534EB8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F393C second address: 5F39BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F5654C27968h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov edi, 79D4FF61h 0x00000028 push 00000000h 0x0000002a jmp 00007F5654C2796Ch 0x0000002f jmp 00007F5654C27976h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007F5654C27968h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 00000014h 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 mov edi, dword ptr [ebp+137B347Bh] 0x00000056 mov dword ptr [ebp+1394539Eh], ecx 0x0000005c push eax 0x0000005d pushad 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5EFD2D second address: 5EFD31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5EFD31 second address: 5EFD43 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F48DB second address: 5F4952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565534EB97h 0x00000008 jnc 00007F565534EB86h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F565534EB88h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c mov edi, 05339C5Fh 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007F565534EB88h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000014h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d add ebx, 41C421A8h 0x00000053 stc 0x00000054 push 00000000h 0x00000056 sub ebx, dword ptr [ebp+137B2AF1h] 0x0000005c push eax 0x0000005d pushad 0x0000005e push esi 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F59D7 second address: 5F59DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F59DB second address: 5F59DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F59DF second address: 5F59E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F3B65 second address: 5F3B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F3B6B second address: 5F3BDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 adc edi, 09F7FAA1h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F5654C27968h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000014h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e sub dword ptr [ebp+1393F33Bh], edx 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b movzx ebx, di 0x0000003e mov eax, dword ptr [ebp+137B0061h] 0x00000044 mov dword ptr [ebp+137B296Fh], esi 0x0000004a push FFFFFFFFh 0x0000004c xor bh, FFFFFFBBh 0x0000004f nop 0x00000050 push esi 0x00000051 jmp 00007F5654C2796Fh 0x00000056 pop esi 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b jmp 00007F5654C2796Bh 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F3BDF second address: 5F3BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F3BE4 second address: 5F3BEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F1B9F second address: 5F1BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F1BA6 second address: 5F1BAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F1BAC second address: 5F1C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 cld 0x00000008 push dword ptr fs:[00000000h] 0x0000000f mov dword ptr fs:[00000000h], esp 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F565534EB88h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 add dword ptr [ebp+13940F28h], edx 0x00000036 mov eax, dword ptr [ebp+137B0021h] 0x0000003c sub dword ptr [ebp+137B1A9Eh], edi 0x00000042 sub di, 33FCh 0x00000047 push FFFFFFFFh 0x00000049 push 00000000h 0x0000004b push edi 0x0000004c call 00007F565534EB88h 0x00000051 pop edi 0x00000052 mov dword ptr [esp+04h], edi 0x00000056 add dword ptr [esp+04h], 0000001Ch 0x0000005e inc edi 0x0000005f push edi 0x00000060 ret 0x00000061 pop edi 0x00000062 ret 0x00000063 mov dword ptr [ebp+137B347Bh], eax 0x00000069 push eax 0x0000006a pushad 0x0000006b jno 00007F565534EB8Ch 0x00000071 push eax 0x00000072 push edx 0x00000073 jl 00007F565534EB86h 0x00000079 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F69E2 second address: 5F69E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F69E8 second address: 5F69EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F4ADC second address: 5F4AEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F4AEC second address: 5F4AF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F565534EB86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F4BC1 second address: 5F4BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F4BC5 second address: 5F4BCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F5B90 second address: 5F5B94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F5B94 second address: 5F5B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F6B76 second address: 5F6B7C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F6B7C second address: 5F6BA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F565534EB94h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F9D10 second address: 5F9D21 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5654C27966h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 596109 second address: 59610F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F7B65 second address: 5F7B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59610F second address: 596113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 596113 second address: 596127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jnp 00007F5654C27966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F7B69 second address: 5F7C01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB92h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b jnp 00007F565534EB8Eh 0x00000011 jnl 00007F565534EB88h 0x00000017 nop 0x00000018 mov bx, dx 0x0000001b push dword ptr fs:[00000000h] 0x00000022 or dword ptr [ebp+137B1B9Fh], edi 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov ebx, dword ptr [ebp+137B35E1h] 0x00000035 mov eax, dword ptr [ebp+137B14E5h] 0x0000003b push 00000000h 0x0000003d push ecx 0x0000003e call 00007F565534EB88h 0x00000043 pop ecx 0x00000044 mov dword ptr [esp+04h], ecx 0x00000048 add dword ptr [esp+04h], 00000015h 0x00000050 inc ecx 0x00000051 push ecx 0x00000052 ret 0x00000053 pop ecx 0x00000054 ret 0x00000055 stc 0x00000056 push FFFFFFFFh 0x00000058 push 00000000h 0x0000005a push edx 0x0000005b call 00007F565534EB88h 0x00000060 pop edx 0x00000061 mov dword ptr [esp+04h], edx 0x00000065 add dword ptr [esp+04h], 00000019h 0x0000006d inc edx 0x0000006e push edx 0x0000006f ret 0x00000070 pop edx 0x00000071 ret 0x00000072 mov dword ptr [ebp+137B36DFh], eax 0x00000078 push eax 0x00000079 pushad 0x0000007a pushad 0x0000007b push esi 0x0000007c pop esi 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 596127 second address: 596132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5F7C01 second address: 5F7C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 602A90 second address: 602ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5654C27974h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push ebx 0x0000000d jmp 00007F5654C2796Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 602ABD second address: 602AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5A0412 second address: 5A041C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5654C27977h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6022C3 second address: 6022C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6022C9 second address: 6022D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F5654C27966h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 60259D second address: 6025A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6025A3 second address: 6025A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6025A7 second address: 6025AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 60B44F second address: 60B454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59972C second address: 599730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 599730 second address: 599734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 599734 second address: 59973A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 59973A second address: 59974C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007F5654C27966h 0x00000009 pop ebx 0x0000000a jc 00007F5654C2796Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 612019 second address: 612028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F565534EB86h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6125BF second address: 6125DB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F5654C27976h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 617255 second address: 61725A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61725A second address: 617260 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 617506 second address: 61750A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61750A second address: 617519 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5654C27966h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 617519 second address: 61751F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61751F second address: 61752F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jnp 00007F5654C27968h 0x0000000b push esi 0x0000000c pop esi 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 617A9F second address: 617AD5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F565534EB8Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007F565534EB93h 0x00000014 jng 00007F565534EB86h 0x0000001a pop edx 0x0000001b push edi 0x0000001c push edi 0x0000001d pop edi 0x0000001e pop edi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 617AD5 second address: 617AE7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5654C27968h 0x00000008 jc 00007F5654C2796Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5C286B second address: 5C2871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 618585 second address: 6185A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007F5654C27974h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6185A1 second address: 6185AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6185AE second address: 6185B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 616F69 second address: 616F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 616F6D second address: 616F71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E1D6 second address: 61E1DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E1DC second address: 61E1E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DDD07 second address: 5DDD0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DDD0D second address: 5DDD5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edi 0x00000007 jmp 00007F5654C2796Eh 0x0000000c pop edi 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F5654C27968h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 lea eax, dword ptr [ebp+13964ABAh] 0x0000002e mov edi, 787B36FCh 0x00000033 nop 0x00000034 pushad 0x00000035 push ecx 0x00000036 pushad 0x00000037 popad 0x00000038 pop ecx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F5654C2796Bh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DE189 second address: 5DE18D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DE305 second address: 5DE30B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DE60F second address: 5DE619 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F565534EB86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DE750 second address: 5DE76A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F5654C27971h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DE76A second address: 5DE7D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jnp 00007F565534EB8Ch 0x0000000f or edi, dword ptr [ebp+137B2C59h] 0x00000015 push esi 0x00000016 call 00007F565534EB99h 0x0000001b movsx edx, ax 0x0000001e pop edi 0x0000001f pop edx 0x00000020 push 00000004h 0x00000022 push 00000000h 0x00000024 push ebp 0x00000025 call 00007F565534EB88h 0x0000002a pop ebp 0x0000002b mov dword ptr [esp+04h], ebp 0x0000002f add dword ptr [esp+04h], 00000019h 0x00000037 inc ebp 0x00000038 push ebp 0x00000039 ret 0x0000003a pop ebp 0x0000003b ret 0x0000003c mov edi, dword ptr [ebp+137B2F2Ch] 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 ja 00007F565534EB86h 0x0000004c push edi 0x0000004d pop edi 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DEEC1 second address: 5DEEF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 jno 00007F5654C2797Dh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007F5654C27968h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DEEF3 second address: 5DEF0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565534EB97h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DEF0E second address: 5DEF12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DEF12 second address: 5DEF3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push ecx 0x0000000b jmp 00007F565534EB96h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DEF3D second address: 5DEF51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5654C2796Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF060 second address: 5DF0B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F565534EB9Eh 0x00000010 jmp 00007F565534EB98h 0x00000015 nop 0x00000016 mov ecx, dword ptr [ebp+137B2A2Dh] 0x0000001c lea eax, dword ptr [ebp+13964ABAh] 0x00000022 sub edi, 358F3FD8h 0x00000028 push eax 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F565534EB90h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF0B7 second address: 5DF0CC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5654C2796Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DF0CC second address: 5C286B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F565534EB88h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 call dword ptr [ebp+137B188Eh] 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E4A3 second address: 61E4AD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E4AD second address: 61E4B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E4B3 second address: 61E4B9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E616 second address: 61E632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565534EB97h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E632 second address: 61E638 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61E90A second address: 61E932 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F565534EB91h 0x0000000a ja 00007F565534EB86h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jnc 00007F565534EB86h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EAA8 second address: 61EAB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EAB8 second address: 61EABD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EABD second address: 61EADE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5654C27971h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EADE second address: 61EAE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EC07 second address: 61EC15 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5654C27966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EC15 second address: 61EC19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EC19 second address: 61EC2B instructions: 0x00000000 rdtsc 0x00000002 js 00007F5654C27966h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EC2B second address: 61EC76 instructions: 0x00000000 rdtsc 0x00000002 je 00007F565534EB86h 0x00000008 ja 00007F565534EB86h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F565534EB8Dh 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 popad 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F565534EB96h 0x00000022 jmp 00007F565534EB90h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 61EC76 second address: 61EC7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6255AE second address: 6255B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 625BAB second address: 625BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 jl 00007F5654C27977h 0x0000000d jmp 00007F5654C2796Fh 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6262F9 second address: 6262FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6265EE second address: 626638 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27975h 0x00000007 pushad 0x00000008 jmp 00007F5654C27979h 0x0000000d jmp 00007F5654C27975h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 626638 second address: 626647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 626647 second address: 62664B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62664B second address: 626651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 626651 second address: 62665B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5654C2797Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62995B second address: 629960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 629960 second address: 629990 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5654C27973h 0x00000008 jmp 00007F5654C27976h 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62FC91 second address: 62FC95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62FC95 second address: 62FC9B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62FC9B second address: 62FCBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB98h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62FCBD second address: 62FCC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62FCC1 second address: 62FCC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62FCC7 second address: 62FCD1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5654C27972h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 62FCD1 second address: 62FCE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F565534EB86h 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F565534EB86h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 630156 second address: 630193 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5654C27966h 0x00000008 jmp 00007F5654C27970h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007F5654C27968h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b jmp 00007F5654C27976h 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 630193 second address: 630198 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 630198 second address: 63019E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63019E second address: 6301A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 632AC9 second address: 632AD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F5654C27966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 632AD8 second address: 632ADE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 632ADE second address: 632AF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5654C27966h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 639B9F second address: 639BCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F565534EBA3h 0x0000000e jmp 00007F565534EB97h 0x00000013 ja 00007F565534EB86h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 639BCA second address: 639BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 639BD0 second address: 639BE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DE9C2 second address: 5DE9C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5DE9C8 second address: 5DEA2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565534EB91h 0x00000008 jl 00007F565534EB86h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 mov edx, esi 0x00000016 mov ebx, dword ptr [ebp+13964AF9h] 0x0000001c adc ch, 0000003Fh 0x0000001f add eax, ebx 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F565534EB88h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 0000001Ah 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b mov dword ptr [ebp+137B1933h], esi 0x00000041 sub ecx, 77915B47h 0x00000047 mov ecx, eax 0x00000049 nop 0x0000004a push edi 0x0000004b pushad 0x0000004c push ecx 0x0000004d pop ecx 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A21B second address: 63A237 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F5654C27966h 0x0000000e jmp 00007F5654C2796Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A237 second address: 63A23B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A23B second address: 63A241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A241 second address: 63A25D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F565534EB90h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A3AB second address: 63A3B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A3B1 second address: 63A3BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F565534EB86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A3BB second address: 63A3D8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5654C27966h 0x00000008 jno 00007F5654C27966h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jg 00007F5654C2796Eh 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A3D8 second address: 63A3E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jo 00007F565534EB86h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63A3E7 second address: 63A40A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5654C27975h 0x00000009 popad 0x0000000a pushad 0x0000000b jnc 00007F5654C27966h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63F956 second address: 63F969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F565534EB86h 0x0000000d jg 00007F565534EB86h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63FA9E second address: 63FAC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnc 00007F5654C2797Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 63FAC1 second address: 63FAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 597C32 second address: 597C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jc 00007F5654C2796Eh 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 597C43 second address: 597C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 597C47 second address: 597C4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 597C4C second address: 597C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F565534EB86h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 642E76 second address: 642E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 642E7B second address: 642EB7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 jmp 00007F565534EB97h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007F565534EB98h 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 642EB7 second address: 642EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64B3E2 second address: 64B3F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F565534EB8Bh 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64B3F9 second address: 64B3FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6493D1 second address: 6493EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F565534EB86h 0x0000000a jmp 00007F565534EB90h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6493EB second address: 6493EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64953E second address: 649542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 649542 second address: 649582 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27972h 0x00000007 jo 00007F5654C27966h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007F5654C27984h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6496FC second address: 649700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 649F2E second address: 649F32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 649F32 second address: 649F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F565534EB86h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 649F3E second address: 649F57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5654C27973h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 649F57 second address: 649F79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F565534EB95h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 649F79 second address: 649F95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27974h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64A267 second address: 64A271 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F565534EB8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64A7FF second address: 64A805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64A805 second address: 64A827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F565534EB86h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F565534EB8Ah 0x00000012 jmp 00007F565534EB8Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64A827 second address: 64A83C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Bh 0x00000007 jnl 00007F5654C27966h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64AB02 second address: 64AB06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 64AB06 second address: 64AB0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65190C second address: 651955 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F565534EB8Dh 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop ecx 0x00000015 pushad 0x00000016 jmp 00007F565534EB99h 0x0000001b jl 00007F565534EB8Ch 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 651955 second address: 651968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5654C2796Ch 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650DFA second address: 650E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650E00 second address: 650E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnc 00007F5654C2796Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650F8A second address: 650F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650F8E second address: 650F92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650F92 second address: 650F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650F98 second address: 650FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650FA2 second address: 650FA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650FA6 second address: 650FB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F5654C27966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 650FB7 second address: 650FD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565534EB97h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 651142 second address: 651149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 651149 second address: 65114E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65114E second address: 65116B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27978h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65168F second address: 651693 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 656710 second address: 656728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5654C2796Dh 0x00000009 jns 00007F5654C27966h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65EB82 second address: 65EB86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65EFF7 second address: 65F03A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F5654C27968h 0x0000000c popad 0x0000000d pushad 0x0000000e push ebx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 jmp 00007F5654C27970h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a push esi 0x0000001b pop esi 0x0000001c popad 0x0000001d jmp 00007F5654C27971h 0x00000022 push eax 0x00000023 push edx 0x00000024 jo 00007F5654C27966h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65F2FD second address: 65F301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65F301 second address: 65F305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65F305 second address: 65F30B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65F9DD second address: 65F9E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65F9E2 second address: 65F9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F565534EB86h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f ja 00007F565534EB86h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 65F9F7 second address: 65FA22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5654C27977h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F5654C2796Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 660207 second address: 66020B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 66020B second address: 660214 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 66094B second address: 660951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 667C4A second address: 667C50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 667D9A second address: 667DA4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F565534EB86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 667DA4 second address: 667DAE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5654C2796Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 67750A second address: 677526 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F565534EB86h 0x00000008 jmp 00007F565534EB92h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 677526 second address: 677532 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F5654C27966h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 677532 second address: 677557 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB91h 0x00000007 jmp 00007F565534EB8Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 679BDF second address: 679BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 679BE3 second address: 679BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB92h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 679BF9 second address: 679C45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5654C27978h 0x00000008 jns 00007F5654C27966h 0x0000000e popad 0x0000000f jnc 00007F5654C2797Ah 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c pop edx 0x0000001d jl 00007F5654C27972h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 679C45 second address: 679C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F565534EB86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 679C4F second address: 679C6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F5654C27970h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 679C6A second address: 679C70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 67F70D second address: 67F71C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F5654C27966h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 686AC2 second address: 686AF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB95h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F565534EB96h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 686AF1 second address: 686AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jp 00007F5654C27966h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 686AFD second address: 686B31 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jns 00007F565534EBA4h 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 69011A second address: 690120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 690561 second address: 690567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 690567 second address: 69056B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 69056B second address: 690571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 690883 second address: 690889 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 691259 second address: 691271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565534EB94h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 691271 second address: 691299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jne 00007F5654C27993h 0x0000000f ja 00007F5654C27975h 0x00000015 jmp 00007F5654C2796Fh 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 691299 second address: 69129F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 69129F second address: 6912A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 697B67 second address: 697B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 697B6B second address: 697B75 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5654C27966h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 697D1A second address: 697D2E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F565534EB8Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 697D2E second address: 697D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5654C27966h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 69E2E0 second address: 69E2E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6A8A75 second address: 6A8A7A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6A0AB9 second address: 6A0AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6B5FB0 second address: 6B5FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6B60ED second address: 6B60F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C0F79 second address: 6C0F7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C122D second address: 6C1233 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C1233 second address: 6C123A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C155D second address: 6C1571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jbe 00007F565534EB86h 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C1993 second address: 6C19A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Ah 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C1D87 second address: 6C1D97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C6549 second address: 6C654D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C654D second address: 6C655F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F565534EB8Eh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C655F second address: 6C6563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C8E0E second address: 6C8E1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C8E1D second address: 6C8E4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5654C27972h 0x00000008 je 00007F5654C27966h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jg 00007F5654C2796Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C9163 second address: 6C91A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov edx, dword ptr [ebp+137B38FBh] 0x0000000f push 00000004h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F565534EB88h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b mov edx, dword ptr [ebp+137B38B2h] 0x00000031 push 87247495h 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b pushad 0x0000003c popad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C94B5 second address: 6C953B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27977h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a movzx edx, ax 0x0000000d jl 00007F5654C2796Ch 0x00000013 or edx, 035BF655h 0x00000019 push dword ptr [ebp+137B2DF4h] 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007F5654C27968h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000019h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 mov edx, 75291E53h 0x0000003e mov edx, edi 0x00000040 and dx, 34DDh 0x00000045 call 00007F5654C27969h 0x0000004a jmp 00007F5654C27979h 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 6C953B second address: 6C953F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00C5A second address: 4A00C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00C60 second address: 4A00C64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00C64 second address: 4A00C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00C73 second address: 4A00C77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00C77 second address: 4A00C7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A001B second address: 49A00D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov cl, 3Dh 0x0000000d pushfd 0x0000000e jmp 00007F565534EB99h 0x00000013 sub cl, FFFFFFB6h 0x00000016 jmp 00007F565534EB91h 0x0000001b popfd 0x0000001c popad 0x0000001d push eax 0x0000001e jmp 00007F565534EB91h 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F565534EB93h 0x0000002d xor al, FFFFFF9Eh 0x00000030 jmp 00007F565534EB99h 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F565534EB90h 0x0000003c xor ax, 3398h 0x00000041 jmp 00007F565534EB8Bh 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A00D6 second address: 49A00EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5654C27974h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A00EE second address: 49A0148 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b movsx edx, si 0x0000000e pushfd 0x0000000f jmp 00007F565534EB96h 0x00000014 sub eax, 300B3858h 0x0000001a jmp 00007F565534EB8Bh 0x0000001f popfd 0x00000020 popad 0x00000021 and esp, FFFFFFF8h 0x00000024 jmp 00007F565534EB96h 0x00000029 sub esp, 34h 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0148 second address: 49A014C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A014C second address: 49A0152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0152 second address: 49A01F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27974h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b jmp 00007F5654C2796Eh 0x00000010 pushfd 0x00000011 jmp 00007F5654C27972h 0x00000016 adc esi, 4C1CE778h 0x0000001c jmp 00007F5654C2796Bh 0x00000021 popfd 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007F5654C27979h 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F5654C2796Ch 0x00000031 add ax, 1108h 0x00000036 jmp 00007F5654C2796Bh 0x0000003b popfd 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F5654C27976h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A01F2 second address: 49A0288 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 4ABF4381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ebx, dword ptr [ebp+08h] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F565534EB8Ah 0x00000014 or cx, C698h 0x00000019 jmp 00007F565534EB8Bh 0x0000001e popfd 0x0000001f push esi 0x00000020 mov di, E7BAh 0x00000024 pop edi 0x00000025 popad 0x00000026 xchg eax, esi 0x00000027 jmp 00007F565534EB8Eh 0x0000002c push eax 0x0000002d pushad 0x0000002e mov cx, dx 0x00000031 popad 0x00000032 xchg eax, esi 0x00000033 jmp 00007F565534EB96h 0x00000038 xchg eax, edi 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c push ebx 0x0000003d pop ecx 0x0000003e pushfd 0x0000003f jmp 00007F565534EB99h 0x00000044 or eax, 416A6EF6h 0x0000004a jmp 00007F565534EB91h 0x0000004f popfd 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0288 second address: 49A02BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 jmp 00007F5654C27973h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5654C27974h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A02BB second address: 49A02C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A02C1 second address: 49A02C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A02C5 second address: 49A0310 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F565534EB93h 0x00000015 or ah, FFFFFFEEh 0x00000018 jmp 00007F565534EB99h 0x0000001d popfd 0x0000001e push esi 0x0000001f pop edi 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0310 second address: 49A033A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, dword ptr [ebp+0Ch] 0x0000000c jmp 00007F5654C2796Eh 0x00000011 sub esi, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A033A second address: 49A0354 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB96h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0354 second address: 49A03D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 pushfd 0x00000007 jmp 00007F5654C2796Ah 0x0000000c add ax, DB28h 0x00000011 jmp 00007F5654C2796Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esp+10h], esi 0x0000001e jmp 00007F5654C27976h 0x00000023 mov dword ptr [esp+14h], esi 0x00000027 jmp 00007F5654C27970h 0x0000002c push dword ptr [edi] 0x0000002e jmp 00007F5654C27970h 0x00000033 xchg eax, ebx 0x00000034 jmp 00007F5654C27970h 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A03D1 second address: 49A03D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A03D5 second address: 49A03DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A03DB second address: 49A03E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A03E0 second address: 49A048D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F5654C2796Bh 0x0000000a add si, 9FDEh 0x0000000f jmp 00007F5654C27979h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebx 0x00000019 pushad 0x0000001a mov al, B2h 0x0000001c pushfd 0x0000001d jmp 00007F5654C27979h 0x00000022 sbb si, F8C6h 0x00000027 jmp 00007F5654C27971h 0x0000002c popfd 0x0000002d popad 0x0000002e call 00007F5654C27969h 0x00000033 jmp 00007F5654C2796Eh 0x00000038 push eax 0x00000039 pushad 0x0000003a jmp 00007F5654C27971h 0x0000003f mov bx, cx 0x00000042 popad 0x00000043 mov eax, dword ptr [esp+04h] 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F5654C2796Fh 0x00000050 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A048D second address: 49A04AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A050B second address: 49A0511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0511 second address: 49A0542 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+18h], eax 0x0000000c jmp 00007F565534EB97h 0x00000011 test eax, eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov di, 5A66h 0x0000001a mov di, B6F2h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0542 second address: 49A0548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0548 second address: 49A054C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A054C second address: 49A05A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27972h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F56C5086F22h 0x00000011 jmp 00007F5654C27970h 0x00000016 call dword ptr [74E50B60h] 0x0000001c mov eax, 750BE5E0h 0x00000021 ret 0x00000022 jmp 00007F5654C27970h 0x00000027 mov eax, dword ptr [eax+54h] 0x0000002a pushad 0x0000002b call 00007F5654C2796Eh 0x00000030 pop ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A05A5 second address: 49A05A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1076B second address: 4A10788 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10788 second address: 4A10862 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov si, dx 0x0000000e mov si, di 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 mov edx, 1F7D10B6h 0x00000019 mov ebx, 11418242h 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 jmp 00007F565534EB99h 0x00000026 push dword ptr [ebp+0Ch] 0x00000029 pushad 0x0000002a mov cl, E6h 0x0000002c pushfd 0x0000002d jmp 00007F565534EB99h 0x00000032 xor si, 6376h 0x00000037 jmp 00007F565534EB91h 0x0000003c popfd 0x0000003d popad 0x0000003e push dword ptr [ebp+08h] 0x00000041 pushad 0x00000042 movzx esi, dx 0x00000045 mov edx, 527FC5ACh 0x0000004a popad 0x0000004b push 7604A208h 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 pushfd 0x00000054 jmp 00007F565534EB8Dh 0x00000059 add ecx, 1B791F86h 0x0000005f jmp 00007F565534EB91h 0x00000064 popfd 0x00000065 pushfd 0x00000066 jmp 00007F565534EB90h 0x0000006b add al, 00000028h 0x0000006e jmp 00007F565534EB8Bh 0x00000073 popfd 0x00000074 popad 0x00000075 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A108A2 second address: 4A108A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A108A8 second address: 4A108AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A108AC second address: 4A108E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27977h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b movzx eax, al 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5654C27970h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A108E0 second address: 4A108EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A108EF second address: 4A108F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A108F5 second address: 4A108F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A108F9 second address: 4A10909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10909 second address: 4A1090E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1090E second address: 4A10920 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5654C2796Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10920 second address: 4A10924 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49B0AF0 second address: 49B0B31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5654C27976h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5654C27977h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49B0B31 second address: 49B0B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49B0B55 second address: 49B0B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49B0B59 second address: 49B0B5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0A97 second address: 49A0A9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0A9B second address: 49A0A9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0A9F second address: 49A0AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0AA5 second address: 49A0AF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F565534EB92h 0x00000009 jmp 00007F565534EB95h 0x0000000e popfd 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 call 00007F565534EB98h 0x0000001d pop eax 0x0000001e mov ecx, edi 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0AF6 second address: 49A0B43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a movzx eax, dx 0x0000000d pushfd 0x0000000e jmp 00007F5654C2796Dh 0x00000013 adc esi, 55A2AD56h 0x00000019 jmp 00007F5654C27971h 0x0000001e popfd 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 mov ebx, eax 0x00000025 mov ebx, ecx 0x00000027 popad 0x00000028 pop ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F5654C2796Ch 0x00000032 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0B43 second address: 49A0B52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49A0B52 second address: 49A0B58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00B42 second address: 4A00B46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00B46 second address: 4A00B4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00B4C second address: 4A00B8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edi 0x00000005 pushfd 0x00000006 jmp 00007F565534EB8Eh 0x0000000b xor esi, 0B93B7C8h 0x00000011 jmp 00007F565534EB8Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F565534EB95h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00B8D second address: 4A00BC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5654C27978h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00BC0 second address: 4A00BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00BC4 second address: 4A00BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00BCA second address: 4A00BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A006F9 second address: 4A00711 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5654C27974h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00711 second address: 4A00731 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call 00007F565534EB89h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00731 second address: 4A0074C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27977h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0074C second address: 4A00803 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F565534EB8Fh 0x00000009 and esi, 4E03A78Eh 0x0000000f jmp 00007F565534EB99h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F565534EB90h 0x0000001b and eax, 1806CA08h 0x00000021 jmp 00007F565534EB8Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a push eax 0x0000002b jmp 00007F565534EB99h 0x00000030 mov eax, dword ptr [esp+04h] 0x00000034 jmp 00007F565534EB91h 0x00000039 mov eax, dword ptr [eax] 0x0000003b pushad 0x0000003c call 00007F565534EB97h 0x00000041 mov ch, FCh 0x00000043 pop edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F565534EB90h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00803 second address: 4A00829 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5654C27976h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00829 second address: 4A00838 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0090C second address: 4A0093E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 mov ecx, edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 mov cl, bh 0x00000014 popad 0x00000015 mov ah, A3h 0x00000017 popad 0x00000018 mov esi, eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F5654C27976h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0093E second address: 4A0096A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, 11h 0x00000005 mov esi, 184CC4E9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d sub esi, edx 0x0000000f jmp 00007F565534EB95h 0x00000014 mov cl, byte ptr [edx] 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0096A second address: 4A0097D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0097D second address: 4A00983 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00983 second address: 4A009BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov byte ptr [esi+edx], cl 0x0000000b pushad 0x0000000c jmp 00007F5654C2796Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 pushfd 0x00000014 jmp 00007F5654C2796Eh 0x00000019 and ax, 0678h 0x0000001e jmp 00007F5654C2796Bh 0x00000023 popfd 0x00000024 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A009BE second address: 4A00A6A instructions: 0x00000000 rdtsc 0x00000002 mov bl, al 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 inc edx 0x00000008 jmp 00007F565534EB8Bh 0x0000000d test cl, cl 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F565534EB94h 0x00000016 and eax, 056B7008h 0x0000001c jmp 00007F565534EB8Bh 0x00000021 popfd 0x00000022 jmp 00007F565534EB98h 0x00000027 popad 0x00000028 jne 00007F565534EACEh 0x0000002e jmp 00007F565534EB90h 0x00000033 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000003a pushad 0x0000003b mov esi, 251D8C2Dh 0x00000040 movzx esi, di 0x00000043 popad 0x00000044 mov ecx, dword ptr [ebp-10h] 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a pushfd 0x0000004b jmp 00007F565534EB8Eh 0x00000050 jmp 00007F565534EB95h 0x00000055 popfd 0x00000056 movzx ecx, bx 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A001F7 second address: 4A00289 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 call 00007F5654C27973h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e call 00007F5654C27969h 0x00000013 jmp 00007F5654C2796Fh 0x00000018 push eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F5654C2796Fh 0x00000020 or al, FFFFFFCEh 0x00000023 jmp 00007F5654C27979h 0x00000028 popfd 0x00000029 mov si, 8AD7h 0x0000002d popad 0x0000002e mov eax, dword ptr [esp+04h] 0x00000032 jmp 00007F5654C2796Dh 0x00000037 mov eax, dword ptr [eax] 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F5654C27973h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00289 second address: 4A0028D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0028D second address: 4A00293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00293 second address: 4A002BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F565534EB8Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A002BF second address: 4A002D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A002D4 second address: 4A002DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00352 second address: 4A00352 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27972h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edx 0x0000000a pushad 0x0000000b mov al, 7Ch 0x0000000d mov bx, FBCEh 0x00000011 popad 0x00000012 test al, al 0x00000014 pushad 0x00000015 mov dx, B6A6h 0x00000019 jmp 00007F5654C27977h 0x0000001e popad 0x0000001f jne 00007F5654C27917h 0x00000025 mov al, byte ptr [edx] 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a push ebx 0x0000002b pop eax 0x0000002c mov cx, bx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A003ED second address: 4A003F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A003F1 second address: 4A0040E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0040E second address: 4A00477 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F565534EB97h 0x00000009 sub si, 4EAEh 0x0000000e jmp 00007F565534EB99h 0x00000013 popfd 0x00000014 mov bx, ax 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a lea ebx, dword ptr [edi+01h] 0x0000001d jmp 00007F565534EB8Ah 0x00000022 mov al, byte ptr [edi+01h] 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F565534EB97h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00477 second address: 4A00539 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edi 0x0000000a jmp 00007F5654C2796Eh 0x0000000f test al, al 0x00000011 jmp 00007F5654C27970h 0x00000016 jne 00007F56C500FF30h 0x0000001c jmp 00007F5654C27970h 0x00000021 mov ecx, edx 0x00000023 jmp 00007F5654C27970h 0x00000028 shr ecx, 02h 0x0000002b jmp 00007F5654C27970h 0x00000030 rep movsd 0x00000032 rep movsd 0x00000034 rep movsd 0x00000036 rep movsd 0x00000038 jmp 00007F5654C27970h 0x0000003d mov ecx, edx 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007F5654C2796Eh 0x00000046 jmp 00007F5654C27975h 0x0000004b popfd 0x0000004c mov ecx, 32DBDA77h 0x00000051 popad 0x00000052 and ecx, 03h 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00539 second address: 4A0053D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0053D second address: 4A0054C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0054C second address: 4A005C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565534EB8Fh 0x00000008 pushfd 0x00000009 jmp 00007F565534EB98h 0x0000000e add esi, 635E43F8h 0x00000014 jmp 00007F565534EB8Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d rep movsb 0x0000001f jmp 00007F565534EB96h 0x00000024 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000002b jmp 00007F565534EB90h 0x00000030 mov eax, ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A005C3 second address: 4A005C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A005C7 second address: 4A005CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A005CD second address: 4A005F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 jmp 00007F5654C27977h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ecx, dword ptr [ebp-10h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 mov di, ax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A005F6 second address: 4A00649 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F565534EB8Eh 0x00000008 add esi, 43314248h 0x0000000e jmp 00007F565534EB8Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov ah, A5h 0x00000018 popad 0x00000019 mov dword ptr fs:[00000000h], ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F565534EB8Ch 0x00000029 add ecx, 1A1B84A8h 0x0000002f jmp 00007F565534EB8Bh 0x00000034 popfd 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00649 second address: 4A0064E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A0064E second address: 4A00654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A00654 second address: 4A006B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c pushad 0x0000000d mov edi, 6DF51A9Eh 0x00000012 popad 0x00000013 pop edi 0x00000014 jmp 00007F5654C27975h 0x00000019 pop esi 0x0000001a pushad 0x0000001b mov dh, ch 0x0000001d jmp 00007F5654C27979h 0x00000022 popad 0x00000023 pop ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F5654C2796Dh 0x0000002b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E2063 second address: 5E208F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F565534EB8Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F565534EB92h 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007F565534EB86h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 5E223A second address: 5E2257 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D01DA second address: 49D01E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D01E0 second address: 49D01E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D01E4 second address: 49D0202 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F565534EB93h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D0202 second address: 49D0231 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5654C2796Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D0231 second address: 49D0270 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F565534EB8Eh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F565534EB97h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49C001B second address: 49C007C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov di, ax 0x0000000e pushfd 0x0000000f jmp 00007F5654C27978h 0x00000014 jmp 00007F5654C27975h 0x00000019 popfd 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F5654C2796Ch 0x00000023 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49C007C second address: 49C0082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49C0082 second address: 49C0086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49C0086 second address: 49C00D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F565534EB8Eh 0x00000011 mov ebp, esp 0x00000013 jmp 00007F565534EB90h 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F565534EB97h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10042 second address: 4A10048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10048 second address: 4A1004C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1004C second address: 4A1007F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F5654C27976h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5654C2796Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1007F second address: 4A10085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10085 second address: 4A100A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b mov di, cx 0x0000000e mov edi, eax 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A100A0 second address: 4A100A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A100A4 second address: 4A100AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A100AA second address: 4A100F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jmp 00007F565534EB96h 0x0000000f push 0021BFB5h 0x00000014 jmp 00007F565534EB91h 0x00000019 add dword ptr [esp], 758B407Bh 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 mov ecx, 4B4C2899h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A101CF second address: 4A10235 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [ebp-04h], 00000000h 0x0000000d jmp 00007F5654C2796Eh 0x00000012 test ebx, ebx 0x00000014 jmp 00007F5654C27970h 0x00000019 je 00007F56C5CBA819h 0x0000001f jmp 00007F5654C27970h 0x00000024 lea eax, dword ptr [ebp-00000110h] 0x0000002a pushad 0x0000002b call 00007F5654C2796Eh 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A102E1 second address: 4A10309 instructions: 0x00000000 rdtsc 0x00000002 mov cx, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov eax, dword ptr [ebp-00000110h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F565534EB98h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10309 second address: 4A1030F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1039A second address: 4A1039F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1039F second address: 4A103D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27977h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-00000118h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5654C27970h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A103D4 second address: 4A103D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A103D8 second address: 4A103DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A103DE second address: 4A10405 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c mov cl, B2h 0x0000000e mov cx, dx 0x00000011 popad 0x00000012 je 00007F56C63E1850h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov bl, ah 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10405 second address: 4A1040B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1040B second address: 4A1040F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1040F second address: 4A10429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F5654C2796Ah 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10429 second address: 4A1042D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1042D second address: 4A10449 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27978h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10449 second address: 4A1044F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1044F second address: 4A10453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10535 second address: 4A1054A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A105C7 second address: 4A105D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5654C2796Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10C70 second address: 4A10C83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB8Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10C83 second address: 4A10C89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10C89 second address: 4A10C8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10951 second address: 4A10976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 mov ah, 5Ah 0x0000000a popad 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5654C27973h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10976 second address: 4A1097C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A1097C second address: 4A109AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27974h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F5654C2796Dh 0x00000013 pop esi 0x00000014 mov ax, di 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A109AB second address: 4A109B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A109B1 second address: 4A109B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A109B5 second address: 4A109EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop ecx 0x00000011 jmp 00007F565534EB99h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10D85 second address: 4A10D8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10D8A second address: 4A10DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F565534EB8Dh 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ecx, edi 0x00000013 movsx edx, cx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10DA9 second address: 4A10DAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10DAF second address: 4A10DE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB93h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ax, dx 0x00000012 call 00007F565534EB97h 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10DE8 second address: 4A10E01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5654C27974h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10E01 second address: 4A10E10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10E10 second address: 4A10E23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C2796Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10E23 second address: 4A10EA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d pushad 0x0000000e mov di, si 0x00000011 pushfd 0x00000012 jmp 00007F565534EB96h 0x00000017 jmp 00007F565534EB95h 0x0000001c popfd 0x0000001d popad 0x0000001e mov esi, 1E5BA707h 0x00000023 popad 0x00000024 test ecx, ecx 0x00000026 pushad 0x00000027 jmp 00007F565534EB98h 0x0000002c mov edx, esi 0x0000002e popad 0x0000002f je 00007F56C659092Ch 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 movzx eax, di 0x0000003b rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 4A10EA6 second address: 4A10ECE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5654C27975h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, esi 0x0000000b popad 0x0000000c mov edx, dword ptr [ebp+0Ch] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 mov cx, dx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D03B2 second address: 49D03B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D03B8 second address: 49D03C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5654C2796Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\q3na5Mc.exe	RDTSC instruction interceptor: First address: 49D03C7 second address: 49D0468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565534EB99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F565534EB98h 0x00000013 sub cx, 94B8h 0x00000018 jmp 00007F565534EB8Bh 0x0000001d popfd 0x0000001e popad 0x0000001f push eax 0x00000020 pushad 0x00000021 call 00007F565534EB8Fh 0x00000026 call 00007F565534EB98h 0x0000002b pop esi 0x0000002c pop ebx 0x0000002d pushfd 0x0000002e jmp 00007F565534EB90h 0x00000033 and cx, B978h 0x00000038 jmp 00007F565534EB8Bh 0x0000003d popfd 0x0000003e popad 0x0000003f xchg eax, ebp 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\q3na5Mc.exe	Special instruction interceptor: First address: 42CA1E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\q3na5Mc.exe	Special instruction interceptor: First address: 42CA70 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\q3na5Mc.exe	Special instruction interceptor: First address: 5D6BC2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\q3na5Mc.exe	Special instruction interceptor: First address: 42A476 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\q3na5Mc.exe	Special instruction interceptor: First address: 5FD84D instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\q3na5Mc.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe	Window / User API: threadDelayed 1333	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window / User API: threadDelayed 1453	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Window / User API: threadDelayed 1069	Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7644	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7644	Thread sleep time: -82041s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7648	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7648	Thread sleep time: -62031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7620	Thread sleep count: 1333 > 30	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7620	Thread sleep time: -2667333s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7640	Thread sleep count: 1453 > 30	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7640	Thread sleep time: -2907453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7624	Thread sleep count: 1069 > 30	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe TID: 7624	Thread sleep time: -2139069s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe, 00000008.00000002.3211968074.00005D6802F1C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=6469df03-c61a-4b28-9b10-723875cfbc01]h
Source: chrome.exe, 00000008.00000002.3211270008.00005D6802D20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: chrome.exe, 00000008.00000002.3213703814.00005D6803340000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: chrome.exe, 00000008.00000002.3211968074.00005D6802F1C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ce added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=6469df03-c61a-4b28-9b10-723875cfbc01
Source: chrome.exe, 00000008.00000002.3211968074.00005D6802F1C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=6469df03-c61a-4b28-9b10-723875cfbc01
Source: chrome.exe, 00000008.00000002.3211968074.00005D6802F1C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ce added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=6469df03-c61a-4b28-9b10-723875cfbc01]h
Source: chrome.exe, 00000008.00000002.3201021753.000001EAD3CD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: chrome.exe, 0000000B.00000002.3103341895.000002AB7A75D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZZ
Source: chrome.exe, 0000000D.00000002.3398420579.000001D2AC0F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUU
Source: chrome.exe, 0000000F.00000003.3315866448.000002100E449000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000F.00000002.3477191391.000002100E44A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;;

Source: C:\Users\user\Desktop\q3na5Mc.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\q3na5Mc.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\q3na5Mc.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: NTICE
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: SICE
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\q3na5Mc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\q3na5Mc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: q3na5Mc.exe PID: 7604, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\q3na5Mc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior

Source: Yara match

File source: Process Memory Space: q3na5Mc.exe PID: 7604, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\q3na5Mc.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1841785763.0000000000A63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: q3na5Mc.exe PID: 7604, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	1 OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	24 Virtualization/Sandbox Evasion	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
q3na5Mc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report q3na5Mc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
q3na5Mc.exe